a. Important stored cross-site scripting issue in VMware vRealize Log Insight VMware vRealize Log Insight contains a vulnerability that may allow for a stored cross-site scripting attack. Exploitation of this issue may lead to the hijack of an authenticated user’s session.
VMware would like to thank Lukasz Plonka for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-2081 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
CPE | Name | Operator | Version |
---|---|---|---|
vmware vrealize log insight | lt | 3.3.2 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2082
kb.vmware.com/kb/2078735
lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
kb.vmware.com/kb/1055
my.vmware.com/en/web/vmware/info/slug/infrastructure_operations_management/vmware_vrealize_log_insight/3_3
twitter.com/VMwareSRC