Four significant vRealize vulnerabilities are fixed by VMware

Patches for four vulnerabilities, including two with a “critical” severity rating, have been released for VMware’s vRealize Log Insight product.

CVE-2022-31703 and CVE-2022-31704 are the two most important vulnerabilities. The former is a directory traversal vulnerability, while the latter is an access control issue. Both were rated 9.8 on the severity scale and give threat actors access to protected resources.

“An unauthenticated, malicious actor can inject files into the operating system of an affected appliance, which can lead to remote code execution,” VMware said.

Put at risk: private information

CVE-2022-31710 and CVE-2022-31711 are the other two vulnerabilities. The former is a deserialization flaw that malicious actors can exploit to cause a denial of service or alter data; its severity rating is 7. The latter is a 5.3-rated information disclosure bug that can be exploited to steal private information.

Users should update their endpoints to version 8.10.2 immediately to protect themselves from the vulnerabilities. Workaround instructions are available for those who are unable to install the patch at this time.

The publication confirmed that the flaws were discovered by the Zero Day Initiative. Representatives from the programme have stated that they have seen no evidence of the vulnerabilities being exploited in the real world.

Dustin Childs, head of threat awareness at Trend Micro’s ZDI, told The Register, “We are not aware of any public exploit code or active attacks using this vulnerability.” Research into VMware and other virtualization technologies continues, but there are no plans to release proof of concept for this bug at this time.

vRealize Log Insight is a tool for organising and analysing logs. Although it is not as widely adopted as other VMware solutions, the company's widespread use in both the public and private sectors makes any of its products a target for attack.