VMSA-2016-0016

This post was originally published on this site

This is a critical security advisory from VMware (VMSA)

Greetings from the VMware Security Response Center!

Today we released VMSA-2016-0016 which documents CVE-2016-7457 – a Critical severity issue in vRealize Operations (vROps).

Due to the severity of this issue we have released emergency patches to resolve the issue in the latest supported versions of the product. Generally speaking, privilege escalations would normally fall into the Important severity category but there is also the possibility that an attacker could stop and delete VMs unrelated to vROps so we rated this issue as Critical. In addition, the fix is scheduled to be rolled into the next release of vROps.

Thanks to Edgar Carvalho for reporting this issue to us. Edgar runs a blog over at http://vman.ch. Great find!

That’s it for now.

Drop us a line at security@vmware.com if you have any questions on the vulnerability or advisory.

The post VMSA-2016-0016 appeared first on VMware Security & Compliance Blog.

Leave a Reply

Your email address will not be published. Required fields are marked *