ID |
CVE-2018-6980
|
Summary |
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:vmware:vrealize_log_insight:4.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_log_insight:4.6:*:*:*:*:*:*:*
-
cpe:2.3:a:vmware:vrealize_log_insight:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_log_insight:4.6.1:*:*:*:*:*:*:*
-
cpe:2.3:a:vmware:vrealize_log_insight:4.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_log_insight:4.7:*:*:*:*:*:*:*
|
CVSS |
Base: | 6.5 (as of 03-10-2019 - 13:33) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-863 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
SINGLE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
refmap
via4
|
|
Last major update |
03-10-2019 - 13:33 |
Published |
13-11-2018 - 22:29 |
Last modified |
03-10-2019 - 13:33 |