CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6958 – VMware Security Advisory 2018-0009
https://notcve.org/view.php?id=CVE-2018-6958
12 Apr 2018 — VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. VMware vRealize Automation (vRA), en versiones anteriores a la 7.3.1, contiene una vulnerabilidad que podría permitir un ataque de Cross-Site Scripting (XSS) basado en DOM. La explotación de este problema podría conducir al compromiso de la estación de trabajo del usuario vRA. vRealize A... • http://www.securityfocus.com/bid/103752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-6959 – VMware Security Advisory 2018-0009
https://notcve.org/view.php?id=CVE-2018-6959
12 Apr 2018 — VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session. VMware vRealize Automation (vRA), en versiones anteriores a la 7.3.1, contiene una vulnerabilidad en la gestión de ID de sesión. La explotación de este problema podría conducir al secuestro de una sesión válida de un usuario vRA. vRealize Automation (vRA) updates address multiple security issues. • http://www.securityfocus.com/bid/103752 • CWE-384: Session Fixation •
CVSS: 9.1EPSS: 2%CPEs: 11EXPL: 0CVE-2016-7460 – VMware Security Advisory 2016-0022
https://notcve.org/view.php?id=CVE-2016-7460
24 Nov 2016 — The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. La característica Single Sign-On en VMware vCenter Server 5.5 en versiones anteriores a U3e y 6.0 en versiones anteriores a U2a y vRealize Automation 6.x en v... • http://www.securityfocus.com/bid/94485 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2015-2344 – VMware Security Advisory 2016-0003
https://notcve.org/view.php?id=CVE-2015-2344
15 Mar 2016 — Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en VMware vRealize Automation 6.x en versiones anteriores a 6.2.4 en Linux permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. VMware vRealize Automation and vRealize Business Advanced and Enterprise address Cross-Site Script... • http://www.securitytracker.com/id/1035270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •