Voyager18 (research)

The vRealize Log Insight vulnerabilities - are you impacted?

VMware has released an advisory for vulnerabilities in its vRealize Log Insight tool. Here's everything you need to know.

Lior Ben Dayan | February 01, 2023

VMware has addressed four security issues in its vRealize Log Insight analysis tool, including two critical vulnerabilities.

Here’s everything you need to know:

What is the vulnerability?

Last week VMware released VMSA-2023-0001 advisory for vRealize Log Insight, warning about four vulnerabilities that were privately reported:

The following vulnerabilities are:

  • CVE-2022-31706 – Directory Traversal Vulnerability
  • CVE-2022-31704 – Broken Access Control Vulnerability
  • CVE-2022-31710 – Deserialization Vulnerability
  • CVE-2022-31711 – Information Disclosure Vulnerability

Yesterday, James Horseman from, published their technical paper, demonstrating in detail how the combination of three of the CVEs can lead to RCE on the vulnerable server.

Have the vRealize Log Insight vulnerabilities been actively exploited in the wild?

There is not yet any indication of exploitation published by threat intelligence teams, but we are probably going to hear of some soon because also published a PoC that exploits these vulnerabilities to run arbitrary code on a vRealize server.

Do they affect me?

The affected software is VMware vRealize Log Insight 8.x and below 8.10.2, which is the fixed version for these vulnerabilities.

It is recommended teams patch it immediately.

In case full remediation is not possible for you currently, VMware also published two workaround guides – if you use vRealize Log Insight within VMware Cloud Foundation environment (VCF), use KB90668, or KB90635.

Next steps

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:

  1. Cyber risk in 2022- a 360° view report 
  2. MITRE ATTACK framework – Mapping techniques to CVEs 
  3. Exploit maturity: an introduction 
  4. How to properly tackle zero-day threats 
  5. Threat intelligence frameworks in 2022 

And finally…

Don’t get found out by new vulnerabilities. Vulcan Cyber gives you full visibility and oversight of your threat environment and lets you prioritize, remediate and communicate your cyber risk across your entire organization. Get a demo today.

cve examples

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy