VMware has released updates for four security vulnerabilities that could have allowed remote code execution in the VMware vRealize Log Insight solution. vRealize Log Insight is a log management tool that helps to collect, view and analyze logs from monitoring or network solutions.
The critical vulnerabilities, identified as CVE-2022-31706 and CVE-2022-31704, are caused by directory traversal errors and improper access restrictions.
The company has released version 8.10.2 of VMware vRealize Log Insight, which addresses these vulnerabilities. There have been no findings of active exploitation of these vulnerabilities. It is recommended that these updates be applied as soon as possible to prevent potential attacks.