VMSA-2020-0007: VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities
23574
22 June 2020
08 April 2020
CLOSED
HIGH
6.1 - 8.4
CVE-2020-3953, CVE-2020-3954
1. Impacted Products
VMware vRealize Log Insight
2. Introduction
Cross Site Scripting (XSS) and Open Redirect vulnerabilities in vRealize Log Insight were privately reported to the VMware Security Response Center. Updates are available to remediate these vulnerabilities in vRealize Log Insight.
3a. Cross Site Scripting (XSS) vulnerabilities in vRealize Log Insight due to improper input validation (CVE-2020-3953)
Description
vRealize Log Insight does not properly validate user input, resulting in XSS vulnerabilities. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.4.
Known Attack Vectors
A malicious actor with permissions equivalent to the predefined 'user' role may be able to add a malicious payload via the Log Insight UI, which would be executed when the victim (another user or administrator) views this data in the UI (Stored XSS). Successful exploitation of this issue may result in a compromise of the victim's workstation.
Resolution
To remediate CVE-2020-3953, apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Michał Bogdanowicz @STM Solutions [https://www.linkedin.com/in/micha%C5%82-bogdanowicz-603267a8/] and Michal Brzezicki @STM Solutions [https://www.linkedin.com/in/m-brzezicki/] for reporting this issue to us.
3b. Open Redirect vulnerability in vRealize Log Insight due to improper input validation (CVE-2020-3954)
Description
vRealize Log Insight does not properly validate user input, resulting in an Open Redirect vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.1.
Known Attack Vectors
A malicious actor may be able to perform a phishing attack by sending a seemingly trusted URL for a vRLI deployment to a victim. Upon opening this URL the victim will be redirected to a location of the attacker's choosing. Successful exploitation of this issue may result in a compromise of the victim's workstation.
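The mitigation for the open-redirect class described above, as an added example that is not VMware's code and does not reflect how vRLI implements its fix: a strict validator a web application can apply to a user-supplied post-login redirect target before issuing the redirect. The origin `https://vrli.example.invalid` and the `next` parameter name are constructed placeholders.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed placeholder origin for the example; not a real deployment.
APP_ORIGIN = "https://vrli.example.invalid"


def is_safe_redirect_target(target: str, app_origin: str = APP_ORIGIN) -> bool:
    """Accept only a same-origin, path-only redirect target (e.g. '/dashboard?x=1')."""
    # 1. Reject empty input and any ASCII control character or space. Browsers
    #    silently strip tabs, newlines and leading spaces, which defeats naive
    #    prefix checks, so the safest policy is to refuse such input outright.
    if not target or re.search(r"[\x00-\x20\x7f]", target):
        return False
    # 2. Browsers treat '\' as '/' in http(s) URLs, so '/\evil.example' means
    #    '//evil.example'. Normalise before inspecting the prefix.
    normalised = target.replace("\\", "/")
    # 3. Exactly one leading slash is a same-origin path. '//host' is scheme-
    #    relative, and '///host' also resolves to a foreign host in browsers,
    #    so anything starting with two or more slashes is rejected.
    if not normalised.startswith("/") or normalised.startswith("//"):
        return False
    # 4. Belt and braces: resolve against the application origin and confirm
    #    that scheme and host are unchanged after resolution.
    resolved = urlsplit(urljoin(app_origin, normalised))
    origin = urlsplit(app_origin)
    return (resolved.scheme, resolved.netloc) == (origin.scheme, origin.netloc)


def choose_redirect(next_param: str, fallback: str = "/") -> str:
    """Return the validated 'next' target, or the fallback landing page."""
    return next_param if is_safe_redirect_target(next_param) else fallback


if __name__ == "__main__":
    # Constructed sample inputs showing which forms are refused.
    for candidate in ("/dashboard", "//evil.example/phish", "/\\evil.example",
                      "https://evil.example/", "javascript:alert(1)", " /dashboard"):
        print(repr(candidate), "->", choose_redirect(candidate))
```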
Resolution
To remediate CVE-2020-3954, apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Michał Bogdanowicz @STM Solutions [https://www.linkedin.com/in/micha%C5%82-bogdanowicz-603267a8/] and Michal Brzezicki @STM Solutions [https://www.linkedin.com/in/m-brzezicki/] for reporting this issue to us.
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation
vRealize Log Insight | 8.x | Virtual Appliance | CVE-2020-3953 | 8.4 | Important | 8.1.1 | None | None
vRealize Log Insight | 8.x | Virtual Appliance | CVE-2020-3954 | 6.1 | Moderate | 8.1.0 | None | None
vRealize Log Insight | 4.x | Virtual Appliance | CVE-2020-3953 | 8.4 | Important | | None | None
vRealize Log Insight | 4.x | Virtual Appliance | CVE-2020-3954 | 6.1 | Moderate | | None | None
4. References
Fixed Version(s) and Release Notes:
vRealize Log Insight 8.1.1:
https://my.vmware.com/web/vmware/details?downloadGroup=VRLI-811&productId=993&rPId=47157
vRealize Log Insight 8.1.0:
https://my.vmware.com/web/vmware/details?productId=993&rPId=47157&downloadGroup=VRLI-810
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3954
FIRST CVSSv3 Calculator:
CVE-2020-3953:
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
CVE-2020-3954:
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5. Change Log
2020-04-14: VMSA-2020-0007
Initial security advisory.
2020-05-28: VMSA-2020-0007.1
It was determined that the fixes for CVE-2020-3953 included in 8.1.0 were not complete. This has been corrected in the 8.1.1 release.
2020-06-24: VMSA-2020-0007.2
Added remediation information for the vRealize Log Insight 4.x release line.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
E-mail: [email protected]
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2020 VMware Inc. All rights reserved.