Session ID Handling Vulnerability in VMware vRealize Automation
CVE-2018-6959
9.8CRITICAL
Summary
VMware vRealize Automation prior to version 7.4.0 is susceptible to a vulnerability related to the management of session IDs. This vulnerability could allow an attacker to hijack a valid user's session, thereby gaining unauthorized access to the system. Without proper validation and handling of session information, attackers can exploit this flaw to impersonate the user, leading to potential data breaches and unauthorized operations within the affected environment. Users are advised to upgrade to the latest version to mitigate this risk.
Affected Version(s)
vRealize Automation prior to 7.4.0
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved