PT-2022-5903 · VMware · vRealize Network Insight, vRealize Log Insight

Published: 2022-12-13 · Updated: 2023-03-01 · CVE-2022-31703

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

vRealize Log Insight (affected versions not specified)
vRealize Network Insight (affected versions not specified)

Description

A directory traversal vulnerability affects vRealize Log Insight and vRealize Network Insight. It allows an unauthenticated malicious actor to inject files into the operating system of an impacted appliance, potentially resulting in remote code execution. It also enables a malicious actor with network access to the vRNI REST API to read arbitrary files from the server.

Recommendations

For vRealize Log Insight, there is currently no information about a newer version that contains a fix for this vulnerability. For vRealize Network Insight, consider restricting access to the vRNI REST API to minimize the risk of exploitation. As a temporary workaround, avoid using the downloadFile functionality until a patch is available.

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2022-07319
CVE-2022-31703
ZDI-23-056

Affected Products

vRealize Log Insight
vRealize Network Insight