Session ID Handling Vulnerability in VMware vRealize Automation
CVE-2018-6959

9.8CRITICAL

Key Information:

Vendor
Vmware
Status
Vrealize Automation
Vendor
CVE Published:
12 April 2018

Summary

VMware vRealize Automation prior to version 7.4.0 is susceptible to a vulnerability related to the management of session IDs. This vulnerability could allow an attacker to hijack a valid user's session, thereby gaining unauthorized access to the system. Without proper validation and handling of session information, attackers can exploit this flaw to impersonate the user, leading to potential data breaches and unauthorized operations within the affected environment. Users are advised to upgrade to the latest version to mitigate this risk.

Affected Version(s)

vRealize Automation prior to 7.4.0

References

http://www.securityfocus.com/bid/103752
vdb-entryx_refsource_BID
http://www.vmware.com/security/advisories/VMSA-2018-0009....
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040676
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.