Session ID Handling Vulnerability in VMware vRealize Automation
CVE-2018-6959

9.8CRITICAL

Key Information:

Vendor: Vmware
Status: Vrealize Automation
Vendor: CVE Published:; 12 April 2018

What is CVE-2018-6959?

VMware vRealize Automation prior to version 7.4.0 is susceptible to a vulnerability related to the management of session IDs. This vulnerability could allow an attacker to hijack a valid user's session, thereby gaining unauthorized access to the system. Without proper validation and handling of session information, attackers can exploit this flaw to impersonate the user, leading to potential data breaches and unauthorized operations within the affected environment. Users are advised to upgrade to the latest version to mitigate this risk.

Affected Version(s)

vRealize Automation prior to 7.4.0

References

http://www.securityfocus.com/bid/103752

vdb-entryx_refsource_BID

http://www.vmware.com/security/advisories/VMSA-2018-0009....

x_refsource_CONFIRM

http://www.securitytracker.com/id/1040676

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2018
Vulnerability Reserved
Feb 14, 2018

Vmware

What is CVE-2018-6959?

Affected Version(s)

References

CVSS V3.1

Timeline