VMware Releases Patches for vRealize Log Insight Security Bugs

VMware has released updates for a group of four vulnerabilities in its vRealize Log Insight logging platform, three of which can be combined to achieve remote code execution with root privileges. Researchers have developed a working exploit for the bug chain and are urging enterprises to install the patches as soon as possible. Now known as VMware Aria Operations for Logs, vRealize Log Insight makes it easier for VMware admins to analyse and manage terabytes of infrastructure and application logs.

The four critical vulnerabilities in vRealize Log Insight include a directory traversal flaw, an information disclosure bug, a broken access control bug, and a denial-of-service flaw. VMware released updates to address the bugs on Jan. 24, but now researchers at Horizon3 have developed a working exploit for the bugs and are planning to release a detailed technical analysis of the weaknesses and exploit soon.

VMware has advised that the vulnerabilities were addressed in VMware vRealize Log Insight 8.10.2.

Please read the full VMware Security Advisory here.

Workaround Available

Workarounds for CVE-2022-31710 can be found in the 'Workaround' column of the 'Response Matrix' on this VMware advisory.

The company also shared a temporary fix for admins who cannot immediately deploy today's security updates in their environments.

 
