New VMware Security Advisory VMSA-2018-0009

--- This is a critical security advisory from VMware (VMSA) ---

Today VMware has released the following new security advisory:

VMSA-2018-0009 – vRealize Automation (vRA) updates address multiple security issues

This documents the remediation of Important and Moderate severity issues (CVE-2018-6958 and CVE-2018-6959).

Issue (a) CVE-2018-6958 is a DOM-based cross-site scripting (XSS) vulnerability. Exploitation of this issue may lead to the compromise of the vRA user’s workstation.

Issue (b) CVE-2018-6959 is a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user’s session.

vRealize Automation 7.3.1 and 7.4.0 provide remediations for these vulnerabilities.

VMware would like to thank Oliver Matula and Benjamin Schwendemann of ERNW Enno Rey Netzwerke GmbH for reporting these issues to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

The post New VMware Security Advisory VMSA-2018-0009 appeared first on VMware Security & Compliance Blog.
