
CVE-2018-6958 – VMware Security Advisory 2018-0009
https://notcve.org/view.php?id=CVE-2018-6958
12 Apr 2018 — VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. vRealize A... • http://www.securityfocus.com/bid/103752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-6959 – VMware Security Advisory 2018-0009
https://notcve.org/view.php?id=CVE-2018-6959
12 Apr 2018 — VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session. vRealize Automation (vRA) updates address multiple security issues. • http://www.securityfocus.com/bid/103752 • CWE-384: Session Fixation

CVE-2016-5334 – VMware Security Advisory 2016-0021
https://notcve.org/view.php?id=CVE-2016-5334
24 Nov 2016 — VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. VMware product updates address partial information disclosure vulnerability. • http://www.securityfocus.com/bid/94482 • CWE-668: Exposure of Resource to Wrong Sphere

CVE-2016-5336 – VMware Security Advisory 2016-0013
https://notcve.org/view.php?id=CVE-2016-5336
24 Aug 2016 — VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. VMware Identity Manager and vRealize Automation updates address multiple security issues. • http://www.securityfocus.com/bid/92607

CVE-2016-5335 – VMware Security Advisory 2016-0013
https://notcve.org/view.php?id=CVE-2016-5335
24 Aug 2016 — VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. VMware Identity Manager and vRealize Automation updates address multiple security issues. • http://www.securityfocus.com/bid/92608