Detections
Analytics
VMware vRealize Log Insight 4.x < 8.1.0 XSS Vulnerability (VMSA-2020-0007)
medium Nessus Plugin ID 135923
Language:
Synopsis
A log management application running on the remote host is affected by a XSS vulnerability.Description
The VMware vRealize Log Insight application running on the remote host is 4.0.0 or later but prior to 8.1.0. It is, therefore, affected by a XSS vulnerability.Solution
Upgrade to VMware vRealize Log Insight version 8.1.0 or later.See Also
https://www.vmware.com/security/advisories/VMSA-2020-0007.html
Plugin Details
Severity: Medium
ID: 135923
File Name: vmware_vrealize_log_insight_vmsa-2020-0007.nasl
Version: 1.3
Type: combined
Family: CGI abuses
Published: 4/23/2020
Updated: 4/24/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2020-3954
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:vmware:vrealize_log_insight
Required KB Items: installed_sw/VMware vRealize Log Insight
Exploit Ease: No known exploits are available
Patch Publication Date: 4/14/2020
Vulnerability Publication Date: 4/14/2020
Reference Information
CVE: CVE-2020-3953, CVE-2020-3954
IAVB: 2020-B-0022
VMSA: 2020-0007