CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6958 – VMware Security Advisory 2018-0009
https://notcve.org/view.php?id=CVE-2018-6958
12 Apr 2018 — VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. VMware vRealize Automation (vRA), en versiones anteriores a la 7.3.1, contiene una vulnerabilidad que podría permitir un ataque de Cross-Site Scripting (XSS) basado en DOM. La explotación de este problema podría conducir al compromiso de la estación de trabajo del usuario vRA. vRealize A... • http://www.securityfocus.com/bid/103752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-6959 – VMware Security Advisory 2018-0009
https://notcve.org/view.php?id=CVE-2018-6959
12 Apr 2018 — VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session. VMware vRealize Automation (vRA), en versiones anteriores a la 7.3.1, contiene una vulnerabilidad en la gestión de ID de sesión. La explotación de este problema podría conducir al secuestro de una sesión válida de un usuario vRA. vRealize Automation (vRA) updates address multiple security issues. • http://www.securityfocus.com/bid/103752 • CWE-384: Session Fixation •
CVSS: 10.0EPSS: 27%CPEs: 3EXPL: 0CVE-2017-4947 – VMware Security Advisory 2018-0006
https://notcve.org/view.php?id=CVE-2017-4947
26 Jan 2018 — VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. VMware Realize Automation (7.3 y 7.2) y vSphere Integrated Containers (1.x anteriores a 1.3) contienen una vulnerabilidad de deserialización mediante Xenon. La explotación con éxito de este problema podría permitir que atacantes remotos ejecuten código arbitra... • http://www.securityfocus.com/bid/102852 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5334 – VMware Security Advisory 2016-0021
https://notcve.org/view.php?id=CVE-2016-5334
24 Nov 2016 — VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7.1 y vRealize Automation 7.x en versiones anteriores a 7.2.0 permite a atacantes remotos leer archivos /SAAS/WEB-INF y /SAAS/META-INF a través de vectores no especificados. VMware product updates address partial information disclosure vulnerability. • http://www.securityfocus.com/bid/94482 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.1EPSS: 2%CPEs: 11EXPL: 0CVE-2016-7460 – VMware Security Advisory 2016-0022
https://notcve.org/view.php?id=CVE-2016-7460
24 Nov 2016 — The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. La característica Single Sign-On en VMware vCenter Server 5.5 en versiones anteriores a U3e y 6.0 en versiones anteriores a U2a y vRealize Automation 6.x en v... • http://www.securityfocus.com/bid/94485 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5335 – VMware Security Advisory 2016-0013
https://notcve.org/view.php?id=CVE-2016-5335
24 Aug 2016 — VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7 y vRealize Automation 7.0.x en versiones anteriores a 7.1 permiten a usuarios locales obtener acceso root a través de vectores no especificados. VMware Identity Manager and vRealize Automation updates address multiple security issues. • http://www.securityfocus.com/bid/92608 •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-5336 – VMware Security Advisory 2016-0013
https://notcve.org/view.php?id=CVE-2016-5336
24 Aug 2016 — VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. VMware vRealize Automation 7.0.x en versiones anteriores a 7.1 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. VMware Identity Manager and vRealize Automation updates address multiple security issues. • http://www.securityfocus.com/bid/92607 •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2015-2344 – VMware Security Advisory 2016-0003
https://notcve.org/view.php?id=CVE-2015-2344
15 Mar 2016 — Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en VMware vRealize Automation 6.x en versiones anteriores a 6.2.4 en Linux permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. VMware vRealize Automation and vRealize Business Advanced and Enterprise address Cross-Site Script... • http://www.securitytracker.com/id/1035270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •