VMware Security Updates Address Cross-site scripting (XSS) Issues

In the middle of last week VMware made available security updates for the following products:

  • VMware vRealize Automation 6.2.4
  • VMware vRealize Business Advanced and Enterprise 8.2.5

These updates address a cross-site scripting (XSS) issue (defined) in each of these products. These issues were assigned separate CVE numbers (defined). These vulnerabilities were responsibly disclosed (defined) by Lukasz Plonka and Alvaro Trigo Martin de Vidales of Deloitte Spain (respectively) to VMware.

Why Should These Issues Be Considered Important?

If an attacker were to successfully exploit this issue it may lead to the compromise of the client’s workstation being used to access these products. Further details or severity of this compromise are not provided by VMware.

How Can I Protect Myself From These Issues?
VMware have released updates to resolve this issue within the affected products. Please refer to VMware’s security advisory to download the necessary updates.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s