Session ID Handling Vulnerability in VMware vRealize Automation
CVE-2018-6959
9.8CRITICAL
What is CVE-2018-6959?
VMware vRealize Automation prior to version 7.4.0 is susceptible to a vulnerability related to the management of session IDs. This vulnerability could allow an attacker to hijack a valid user's session, thereby gaining unauthorized access to the system. Without proper validation and handling of session information, attackers can exploit this flaw to impersonate the user, leading to potential data breaches and unauthorized operations within the affected environment. Users are advised to upgrade to the latest version to mitigate this risk.
Affected Version(s)
vRealize Automation prior to 7.4.0