#VU15886 Authorization bypass in Aria Operations for Logs (formerly vRealize Log Insight) - CVE-2018-6980

 

Published: November 13, 2018 / Updated: November 14, 2018


Vulnerability identifier: #VU15886
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6980
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Aria Operations for Logs (formerly vRealize Log Insight)
Software vendor: VMware, Inc

Description

The vulnerability allows a remote administrative attacker to bypass authorization on the target system.

The vulnerability exists due to improper authorization in the user registration method. An attacker with an Admin account limited to view-only permission can perform certain administrative functions that the account is not allowed to perform.


Remediation

The vulnerability has been fixed in versions 4.6.2 and 4.7.1.

External links