a. Important Stored Cross-Site Scripting (XSS) issue in VMware vRealize Automation VMware vRealize Automation contains a vulnerability that may allow for a Stored Cross-Site Scripting (XSS) attack. Exploitation of this issue may lead to the compromise of a vRA user’s client workstation. VMware would like to thank Lukasz Plonka for reporting this issue to us.
CPE | Name | Operator | Version |
---|---|---|---|
vmware vrealize automation | lt | 6.2.4 | |
vmware vrealize business advanced and enterprise | lt | 8.2.5 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2075
kb.vmware.com/kb/2078735
lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
www.vmware.com/security/advisories
kb.vmware.com/kb/1055
twitter.com/VMwareSRC
www.vmware.com/support/policies/lifecycle.html
www.vmware.com/support/policies/security_response.html