VMware reveals vulns

VMware has revealed “important” flaws in VMware Identity Manager and vRealize Automation.

Both products “contain a vulnerability that may allow for a local privilege escalation. Exploitation of this issue may lead to an attacker with access to a low-privileged account to escalate their privileges to that of root.”

vRealize Automation also “contains a vulnerability that may allow for remote code execution,” exploitation of which “may lead to an attacker gaining access to a low-privileged account on the appliance.”

The fix is in: Identity Manager 2.7 fixes the problems, as does vRealize Automation 7.1. The latter was released today and adds a new Integration Framework for IPAM and out of the box support for Active Directory policies. ®


Biting the hand that feeds IT © 1998–2017