VMware fixes four serious vRealize vulnerabilities
Date:
Wed, 25 Jan 2023 17:50:36 +0000
Description:
Two have been given a 9.8 severity score, suggesting vulnerabilities that warrant urgent patching.
FULL STORY ======================================================================
Virtualization giant VMware has released patches for four vulnerabilities in its vRealize Log Insight product, two of which have a critical severity rating.
The critical pair are CVE-2022-31703 and CVE-2022-31704. The former is a directory traversal vulnerability, while the latter is a broken access control vulnerability. Both were given a 9.8 severity score, and both allow threat actors to access resources that should otherwise be inaccessible.
"An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution," VMware explained.

Sensitive data at risk
The other two flaws are CVE-2022-31710 and CVE-2022-31711. The former is a deserialization vulnerability that allows threat actors to tamper with data and launch denial-of-service attacks. It has been given a 7.5 severity score.
The latter is a 5.3-scored information disclosure bug that can be leveraged to steal sensitive data.
To protect against the flaws, users are advised to apply the patch immediately and bring their vRealize Log Insight appliances to version 8.10.2. Those that cannot apply the patch right now can instead apply the workaround, for which VMware has published separate instructions.
The flaws were originally discovered by Trend Micro's Zero Day Initiative (ZDI), The Register confirmed. The program's members said that, so far, there is no evidence of the flaws being abused in the wild.
"We're not aware of any public exploit code or active attacks using this vulnerability," Dustin Childs, head of threat awareness at Trend Micro's ZDI, told The Register. "While we have no current plans to publish proof of concept for this bug, our research in VMware and other virtualization technologies continues."
vRealize Log Insight is a log management tool. Although it is not as popular as some of VMware's other solutions, the company's presence in both the public and private sectors most likely makes all of its products an attractive target for cybercriminals looking for vulnerabilities.
Via: The Register
======================================================================
Link to news story:
https://www.techradar.com/news/vmware-fixes-four-serious-vrealize-vulnerabilities
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)