a. VMware Identity Manager local privilege escalation vulnerability
VMware Identity Manager and vRealize Automation both contain a vulnerability that may allow for a local privilege escalation. Exploitation of this issue may lead to an attacker with access to a low-privileged account to escalate their privileges to that of root.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has reserved the identifier CVE-2016-5335 for this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5335
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5336
lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
www.vmware.com/security/advisories
kb.vmware.com/kb/1055
kb.vmware.com/kb/2146585
my.vmware.com/en/web/vmware/info/slug/desktop_end_user_computing/vmware_identity_manager/2_7
my.vmware.com/group/vmware/info/slug/infrastructure_operations_management/vmware_vrealize_automation/7_1#product_downloads
twitter.com/VMwareSRC
www.vmware.com/support/policies/lifecycle.html
www.vmware.com/support/policies/security_response.html