vRealize Automation updates address multiple security issues.

2018-04-12T00:00:00
ID VMSA-2018-0009
Type vmware
Reporter VMware
Modified 2018-04-12T00:00:00

Description

a. DOM-based cross-site scripting (XSS) vulnerability.

VMware vRealize Automation contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.

VMware would like to thank Oliver Matula and Benjamin Schwendemann of ERNW Enno Rey Netzwerke GmbH for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6958 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.