VMwareVMSA-2016-0003VMware vRealize Automation and vRealize Business Advanced and Enterprise address Cross-Site Scripting (XSS) issues.
0.001 Low
EPSS
Percentile
28.8%
a. Important Stored Cross-Site Scripting (XSS) issue in VMware vRealize Automation VMware vRealize Automation contains a vulnerability that may allow for a Stored Cross-Site Scripting (XSS) attack. Exploitation of this issue may lead to the compromise of a vRA user’s client workstation. VMware would like to thank Lukasz Plonka for reporting this issue to us.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vmware vrealize automation | lt | 6.2.4 | |
| vmware vrealize business advanced and enterprise | lt | 8.2.5 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2075
kb.vmware.com/kb/2078735
lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
www.vmware.com/security/advisories
kb.vmware.com/kb/1055
twitter.com/VMwareSRC
www.vmware.com/support/policies/lifecycle.html
www.vmware.com/support/policies/security_response.html
Related
