Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Vulnerabilities in VMWare Product
Alerts

Vulnerabilities in VMWare Product

15 December 2022

VMware has released security updates to address several vulnerabilities in VMware vRealize Network Insight (vRNI), one of which is critical.

The vulnerabilities are:

  • CVE-2022-31702: Improper input validation within the vRNI REST API. A remote unauthenticated attacker can pass specially crafted data to the affected REST API endpoint and execute arbitrary commands on the system.

  • CVE-2022-31703: Input validation error when processing directory traversal sequences within the vRNI REST API. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

The following versions are affected by these vulnerabilities:

  • VMware vRealize Network Insight (vRNI) 6.2, 6.3, 6.4, 6.5.x, 6.6, 6.7

Users and administrators of the affected versions are advised to upgrade to the latest versions immediately.

More information is available here:

https://www.vmware.com/security/advisories/VMSA-2022-0031.html

https://www.cybersecurity-help.cz/vdb/SB2022121329

Back to top