{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31710", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "dateUpdated": "2023-01-25T00:00:00", "dateReserved": "2022-05-25T00:00:00", "datePublished": "2023-01-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2023-01-25T00:00:00"}, "descriptions": [{"lang": "en", "value": "vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service."}], "affected": [{"vendor": "n/a", "product": "vRealize Log Insight (vRLI)", "versions": [{"version": "vRealize Log Insight 8.10.1 and prior", "status": "affected"}]}], "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "VMware vRealize Log Insight Deserialization Vulnerability"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", "matchCriteriaId": "78E848BE-FFD0-40D3-AA72-17E47F616661", "versionEndIncluding": "4.8", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", "matchCriteriaId": "476F80CF-8F34-402E-9175-E506B844724D", "versionEndExcluding": "8.10.2", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service."}, {"lang": "es", "value": "vRealize Log Insight contiene una vulnerabilidad de deserializaci\u00f3n. Un actor malicioso no autenticado puede desencadenar de forma remota la deserializaci\u00f3n de datos que no son de confianza, lo que podr\u00eda provocar una denegaci\u00f3n de servicio."}], "id": "CVE-2022-31710", "lastModified": "2023-02-01T16:59:34.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-26T21:15:38.037", "references": [{"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}