Virtualization technology giant VMware on Tuesday shipped its first security bulletin for 2023 with patches for multiple critical-level flaws that expose businesses to remote code execution attacks.
VMware said the security defects affect users of its VMware vRealize Log Insight and could be exploited by an unauthenticated attacker to take full control of a target system.
VMware's vRealize Log Insight is a log collection and analytics virtual appliance used by administrators to collect, view, manage and analyze syslog data.
The company said the most serious of the four documented flaws carry a CVSS severity rating of 9.8 out of 10, adding to the urgency for organizations to apply available patches.
An advisory from the Palo Alto, Calif. company described the flaws (CVE-2022-31706, CVE-2022-31704, CVE-2022-31710 and CVE-2022-31711) as directory traversal and broken access control issues with serious implications.
“An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution,” VMware warned.
The company also shipped fixes for a separate deserialization vulnerability that exposes vRealize Log Insight users to denial-of-service attacks.
VMware also patched an information disclosure issue that allowed attackers to remotely collect sensitive session and application information without authentication.