295 matches found
CVE-2016-7462
The Suite REST API in VMware vRealize Operations aka vROps 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization...
CVE-2016-7462
CVE-2016-7462 affects VMware vRealize Operations (vROps) 6.x prior to 6.4.0. The REST API deserialization vulnerability allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload mishandled during deserialization. VM...
CVE-2016-7457
CVE-2016-7457 affects VMware vRealize Operations (vROps) 6.x prior to 6.4.0. A privilege-escalation vulnerability could allow a remote authenticated vROps user (low-privileged) to gain full access to the application and potentially stop or delete virtual machines. The primary root cause is a priv...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in vRealize Operations. Exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2016-0020 and apply the...
VMware vRealize Operating Platform Remote Code Execution Vulnerability
VMware vRealize Operations is a set of policy-based, automated, intelligent IT operations and management software from VMware, Inc. A remote code execution vulnerability exists in the VMware vRealize Operations platform. An attacker could exploit the vulnerability to execute arbitrary code in the...
VMware vRealize Operations Privilege Escalation Vulnerability (VMSA-2016-0016)
VMware vRealize Operations is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware vRealize Operations REST API Deserialization Vulnerability (VMSA-2016-0020)
VMware vRealize Operations is prone to a deserialization vulnerability in its REST API implementation. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
VMSA-2016-0020:vRealize Operations update addresses REST API deserialization vulnerability
VMSA-2016-0020 vRealize Operations update addresses REST API deserialization vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0020 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: vRealize Operations update addresses REST API...
VMware vRealize Operations Remote Elevation of Privilege Vulnerability
VMware vRealize Operations is a set of policy-based, automated, intelligent IT operations and management software from VMware, Inc. A remote elevation of privilege vulnerability exists in VMware vRealize Operations. A remote attacker could exploit this vulnerability to gain full control of an...
VMware vRealize Operations Manager Detection (HTTP)
HTTP based detection of VMware vRealize Operations Manager. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
VMware Aria Operations Web UI Detection
Binary data vmwarevrealizeoperationsmanagerwebuidetect.nbin...
VMSA-2016-0005:VMware product updates address CRITICAL and HIGH security issues
VMSA-2016-0005.5 VMware product updates address critical and important security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0005.5 VMware Security Advisory Synopsis: VMware product updates address critical and important security issues. VMware Security Advisory...
CVE-2015-6934
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager vADM 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the...
VMware vCenter Server updates address an important reflected cross-site scripting issue
3.a Commons-collections deserialization vulnerability A deserialization vulnerability involving Apache Commons-collections and a specially constructed chain of classes exists. Successful exploitation could result in remote code execution, with the permissions of the application using the...
VMSA-2015-0009:VMware vCenter Server updates address an HIGH reflected cross-site scripting issue
VMSA-2015-0009.5 VMware product updates address a critical deserialization vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2015-0009.5 VMware Security Advisory Synopsis: VMware product updates address a critical deserialization vulnerability VMware Security...