Lucene search
AnonymousZDI-23-116HistoryFeb 09, 2023 - 12:00 a.m.
VMware vRealize Log Insight getConfig Missing Authentication for Critical Function Information Disclosure Vulnerability
2023-02-0900:00:00
Anonymous
www.zerodayinitiative.com
14
vmware
log insight
authentication
vulnerability
disclosure
functionality
compromise
EPSS
0.001
Percentile
48.4%
This vulnerability allows remote attackers to disclose information on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getConfig function. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
Related
cve
cve
CVE-2022-31711
2023-01-26 21:15:38
prion
prion
Information disclosure
2023-01-26 21:15:00
nvd
nvd
CVE-2022-31711
2023-01-26 21:15:38
cvelist
cvelist
CVE-2022-31711
2023-01-25 00:00:00
packetstorm
packetstorm
VMware vRealize Log Insight Unauthenticated Remote Code Execution
2023-09-11 00:00:00
zdt
zdt
VMware vRealize Log Insight Unauthenticated Remote Code Execution Exploit
2023-09-11 00:00:00
metasploit
metasploit
VMware vRealize Log Insight Unauthenticated RCE
2023-08-08 18:32:38
thn
thn
vmware
vmware
githubexploit
githubexploit
Exploit for Incorrect Authorization in Vmware Aria Operations For Logs
2023-10-20 14:59:45
nessus
nessus
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-09-15 18:54:45