diff --git a/http/cves/2022/CVE-2022-31711.yaml b/http/cves/2022/CVE-2022-31711.yaml
index 70458a6d13db..d39c135e2e10 100644
--- a/http/cves/2022/CVE-2022-31711.yaml
+++ b/http/cves/2022/CVE-2022-31711.yaml
@@ -26,27 +26,34 @@ info:
 shodan-query: http.title:"vrealize log insight"
 fofa-query: title="vrealize log insight"
 google-query: intitle:"vrealize log insight"
- tags: cve,cve2022,vmware,info-leak,passive,vkev
+ tags: cve,cve2022,vmware,exposure,passive,vkev
 http:
 - method: GET
 path:
- "{{BaseURL}}/ui/login.action"
+ - "{{BaseURL}}/i18n/component/JS?locale=en-US"
+ - "{{BaseURL}}/api/v1/version"
+ stop-at-first-match: true
 matchers-condition: and
 matchers:
 - type: dsl
 dsl:
- "status_code == 200"
- "compare_versions(version, '< 8.10.2')"
- "contains(body, 'vRealize Operations Manager')"
+ - 'status_code == 200'
+ - 'contains_any(body, "logInsight", "releaseName\":")'
 condition: and
+ - type: dsl
+ dsl:
+ - "compare_versions(version, '>= 8.0.0', '< 8.10.2')"
+ - "compare_versions(version, '>= 3.0', '< 4.8')"
+ condition: or
+
 extractors:
 - type: regex
 part: body
- group: 1
 name: version
+ group: 1
 regex:
- "SessionProvider.js\\?version=([0-9.]+)"
-# digest: 4b0a00483046022100a347dcc02ed7cac45bac601c7a370fd83e83a3544fa6db42008d9f6b21daf0190221009d7abc36fb08fd5051208f4559e34788969b8b741ce1d5775ebfd7ba836d1fe9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+ - 'version"\s*:\s*"([0-9.]+)'
+# digest: 4b0a00483046022100a347dcc02ed7cac45bac601c7a370fd83e83a3544fa6db42008d9f6b21daf0190221009d7abc36fb08fd5051208f4559e34788969b8b741ce1d5775ebfd7ba836d1fe9:922c64590222798bb761d5b6d8e72950
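Review bot: The extractor regex at the end of the hunk, `version"\s*:\s*"([0-9.]+)`, is not anchored on the key's opening quote, so any key that merely ends in `version` can supply the value the new `compare_versions` matcher evaluates. Combined with the generic `releaseName\":` alternative in `contains_any`, a different product answering 200 on `/api/v1/version` could be reported as a vulnerable Log Insight host, which matters for a passive check that decides on a version string alone. If both endpoints return the key as exactly `"version"`, anchoring it (`- '"version"\s*:\s*"([0-9.]+)'`) and requiring a product-specific marker on the `/api/v1/version` response as well would tighten the fingerprint. Separately, the `# digest:` value is identical on the removed and added lines although the template body changed, so the signature presumably has to be regenerated before the template verifies as signed.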