The urgency to patch three dangerous security flaws in a VMware virtual appliance product increased this week following the release of exploit code.
In an update to its VMSA-2023-0001 bulletin, VMware acknowledged the release of the exploit code and urged users of its VMware vRealize Log Insight product to immediately implement mitigations. The vulnerabilities are rated critical with CVSS severity scores of 9.8 out of 10. They are tracked as CVE-2022-31706, CVE-2022-31704, and CVE-2022-31710.
Users of its VMware vRealize Log Insight are impacted by the security flaws, which an unauthenticated attacker could use to seize total control of a target system.