VMware has fixed critical security flaws in the vRealize log analytics tool

On Tuesday, VMware issued security patches to fix vRealize Log Insight flaws that could allow attackers to execute code remotely on unpatched appliances.

vRealize Log Insight, also known as , is a tool for analyzing logs from VMware environments.

The first major bug fixed today is CVE-2022-31703, a directory traversal vulnerability that malicious actors can exploit to infect the operating system of affected appliances and gain remote code execution.

The second flaw, CVE-2022-31704, is a broken access control vulnerability. It can be used to remotely execute code on vulnerable appliances by injecting malicious files.

These vulnerabilities have . Both can be exploited by authenticated threat actors in low-complexity attacks that require no user interaction.

VMware also patched a deserialization flaw (CVE-2022-31710) that can trigger a denial-of-service condition, and an information disclosure vulnerability (CVE-2022-3711) that can be exploited to obtain sensitive session or application information.

According to the company, these vulnerabilities have been fixed using . The security flaws addressed today have not been flagged as exploited in the wild.

Also available: Workaround

VMware provides detailed instructions for upgrading to the most recent version of vRealize Log Insight.

The company also provided a temporary workaround for administrators who cannot immediately install today’s security update in their environment.

To apply the workaround, log in to every vRealize Log Insight node in your cluster as root over SSH, then execute the script provided by VMware.

Administrators should also verify the workaround by recording every node on which the script was executed.

If the workaround was applied correctly, you should receive a message confirming that the workaround for VMSA-2023-0001 was successfully applied.
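The per-node apply-and-verify routine described above, written out as an added example (this is not VMware's workaround script and not from the advisory). The node names, the script path held in WORKAROUND_SCRIPT, and the success-message matching are assumptions: the article does not quote the exact confirmation text, so the check only looks for the advisory id together with the word "successfully". The point of the wrapper is the record it keeps: one log line per node, so that an administrator can later show which cluster members confirmed the workaround and which did not.

```shell
#!/bin/sh
# Added example (not VMware's script): run the VMSA-2023-0001 workaround on
# every vRealize Log Insight node as root over SSH and record, per node,
# whether the confirmation message came back.
# Assumptions/placeholders (not from the advisory): the node list below and
# WORKAROUND_SCRIPT, which must be replaced with the script VMware provides.

VRLI_NODES="${VRLI_NODES:-vrli-node1.example.internal vrli-node2.example.internal vrli-node3.example.internal}"
WORKAROUND_SCRIPT="${WORKAROUND_SCRIPT:-/tmp/REPLACE_WITH_VMWARE_WORKAROUND_SCRIPT.sh}"
LOG_FILE="${LOG_FILE:-./vmsa-2023-0001-workaround.log}"

# Returns 0 if the captured output contains the confirmation that the
# workaround for VMSA-2023-0001 was applied, 1 otherwise. Matching is kept
# loose (advisory id plus "successfully") because the exact wording of
# VMware's message is not quoted in the article.
workaround_confirmed() {
    printf '%s\n' "$1" | grep -qi 'successfully' && printf '%s\n' "$1" | grep -q 'VMSA-2023-0001'
}

# Builds the audit line for one node: "<UTC timestamp> <node> <status>".
record_result() {
    printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2"
}

# Runs the workaround script on one node and returns 0 only when that node
# reported success; the result is appended to LOG_FILE either way.
apply_on_node() {
    node="$1"
    output="$(ssh -o BatchMode=yes "root@$node" "sh $WORKAROUND_SCRIPT" 2>&1)" || true
    if workaround_confirmed "$output"; then
        record_result "$node" APPLIED >> "$LOG_FILE"
        return 0
    fi
    record_result "$node" FAILED >> "$LOG_FILE"
    printf 'node %s did not confirm the workaround; output was:\n%s\n' "$node" "$output" >&2
    return 1
}

# Only contact the cluster when explicitly asked (VRLI_APPLY=1), so the
# helpers above can be sourced or checked without SSH access to any node.
if [ "${VRLI_APPLY:-0}" = "1" ]; then
    failed=0
    for n in $VRLI_NODES; do
        apply_on_node "$n" || failed=$((failed + 1))
    done
    printf 'results recorded in %s; %d node(s) failed\n' "$LOG_FILE" "$failed"
    [ "$failed" -eq 0 ]
fi
```

Run it as `VRLI_APPLY=1 VRLI_NODES="node-a node-b" WORKAROUND_SCRIPT=/path/to/vmware-script.sh sh apply-workaround.sh`; a non-zero exit means at least one node did not return the confirmation, and the log file names which ones, which is the record the verification step above asks for.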

VMware also patched a critical heap out-of-bounds write flaw in the EHCI controller (CVE-2022-31705). This vulnerability affects ESXi and Workstation and could lead to code execution. In addition, CVE-2022-31702 allows unauthenticated command execution via the vRNI API.