What is CVE-2022-31711?

CVE-2022-31711 is a vulnerability in Vrealize Log Insight (Vrli). Published 2023-01-25.

Is CVE-2022-31711 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vrealize Log Insight (Vrli)

CVE-2022-31711

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.

EPSS: 0.824 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a Vrealize Log Insight (Vrli) — versions vRealize Log Insight 8.10.1 and prior

Public proof-of-concept exploits

rapid7/metasploit-framework
getdrive/PoC
horizon3ai/CVE-2023-34051
horizon3ai/vRealizeLogInsightRCE

References

www.vmware.com/security/advisories/VMSA-2023-0001.html
packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticate…

Frequently asked questions

What is CVE-2022-31711?: CVE-2022-31711 is a vulnerability in Vrealize Log Insight (Vrli). Published 2023-01-25.
Is CVE-2022-31711 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.