CVE-2018-6980
VMware Security Advisory 2018-0028
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.
VMware vRealize Log Insight (versiones 4.7.x anteriores a la 4.7.1 y versiones 4.6.x anteriores a la 4.6.2) contiene una vulnerabilidad debido a la autorización incorrecta en el método de registro de usuarios. Su explotación con éxito podría permitir que los usuarios administradores con el permiso "view only" realicen ciertas funciones administrativas que no se les permite realizar.
VMware vRealize Log Insight updates address an authorization bypass vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-14 CVE Reserved
- 2018-11-13 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/105925 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2018-0028.html | 2019-10-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Vrealize Log Insight Search vendor "Vmware" for product "Vrealize Log Insight" | >= 4.6 < 4.6.2 Search vendor "Vmware" for product "Vrealize Log Insight" and version " >= 4.6 < 4.6.2" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vrealize Log Insight Search vendor "Vmware" for product "Vrealize Log Insight" | >= 4.7 < 4.7.1 Search vendor "Vmware" for product "Vrealize Log Insight" and version " >= 4.7 < 4.7.1" | - |
Affected
|