CVE-2022-31655: VMSA-2022-0019
VMware vRealize Log Insight versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
Advisory ID: VMSA-2022-0019
CVSSv3 Range: 3.9
Issue Date: 2022-07-12
Updated On: 2022-07-12 (Initial Advisory)
CVE(s): CVE-2022-31654, CVE-2022-31655
Synopsis: VMware vRealize Log Insight contains multiple stored cross-site scripting vulnerabilities
**1. Impacted Products**
- VMware vRealize Log Insight
**2. Introduction**
Multiple cross-site scripting vulnerabilities in vRealize Log Insight were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.
**3. VMware vRealize Log Insight updates address multiple Cross Site Scripting (XSS) vulnerabilities (CVE-2022-31654, CVE-2022-31655)**
VMware vRealize Log Insight contains multiple stored cross-site scripting (XSS) vulnerabilities. VMware has evaluated the severity of these issues to be in the Low severity range with a maximum CVSSv3 base score of 3.9.
A malicious actor with admin privileges may be able to inject malicious code into alerts and configurations due to improper input sanitization.
To remediate CVE-2022-31654 and CVE-2022-31655, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
VMware would like to thank Subramanian S for reporting this issue to us.
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware vRealize Log Insight | 8.x | Any | CVE-2022-31654, CVE-2022-31655 | 3.9 | low | 8.8.2 | None | None |
**4. References**
**5. Change Log**
**2022-07-12: VMSA-2022-0019**
Initial security advisory.
**6. Contact**