CVE-2022-31711

MEDIUM EXPLOITED NUCLEI

Vmware Vrealize Log Insight < 4.8 - Information Disclosure

Title source: rule

Description

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.

Exploits (2)

vulncheck_xdb WORKING POC

infoleak

https://github.com/horizon3ai/vRealizeLogInsightRCE

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Horizon3.ai Attack Team · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vrli_rce.rb

View Code ZIP pw:eip

Nuclei Templates (1)

VMware vRealize Log Insight < v8.10.2 - Information Disclosure

MEDIUMby DhiyaneshDK

Shodan: http.title:"vrealize log insight"

FOFA: title="vrealize log insight"

References (2)

[Patch, Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2023-0001.html

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html

Scores

CVSS v3 5.3

EPSS 0.8174

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2023-12-20

CWE

CWE-200

Status published

Products (1)

vmware/vrealize_log_insight 3.0 - 4.8

Published Jan 26, 2023

Tracked Since Feb 18, 2026