What is CVE-2022-31704?

CVE-2022-31704 is a vulnerability in Vrealize Log Insight (Vrli). Published 2023-01-25.

Is CVE-2022-31704 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vrealize Log Insight (Vrli)

CVE-2022-31704

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.

EPSS: 0.898 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a Vrealize Log Insight (Vrli) — versions vRealize Log Insight 8.10.1 and prior

Public proof-of-concept exploits

rapid7/metasploit-framework
getdrive/PoC
horizon3ai/CVE-2023-34051
horizon3ai/vRealizeLogInsightRCE
karimhabush/cyberowl

References

www.vmware.com/security/advisories/VMSA-2023-0001.html
packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticate…

Frequently asked questions

What is CVE-2022-31704?: CVE-2022-31704 is a vulnerability in Vrealize Log Insight (Vrli). Published 2023-01-25.
Is CVE-2022-31704 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.