Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

New VMware Security Advisory VMSA-2018-0028

0
0

Today, VMware has released the following new security advisory:

“VMSA-2018-0028 ( https://www.vmware.com/security/advisories/VMSA-2018-0028.html ) VMware vRealize Log Insight updates address an authorization bypass vulnerability”

This documents the remediation of a moderate severity authorization bypass vulnerability (CVE-2018-6980 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6980 ) in VMware vRealize Log Insight. The issue exists due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.

We would like to thank Piotr Madej of (ING Tech Poland https://ingtechpoland.com/ ) for reporting this issue to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.


Viewing all articles
Browse latest Browse all 12749




Latest Images