Vulnerabilities related to VMware - VMware vRealize Log Insight
cve-2018-6980
Vulnerability from cvelistv5
Published
2018-11-13 22:00
Modified
2024-08-05 06:17
Severity ?
Summary
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.
References
Impacted products
Vendor Product Version
VMware VMware vRealize Log Insight Version: VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:17:17.509Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.vmware.com/security/advisories/VMSA-2018-0028.html",
               },
               {
                  name: "105925",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/105925",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "VMware vRealize Log Insight",
               vendor: "VMware",
               versions: [
                  {
                     status: "affected",
                     version: "VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)",
                  },
               ],
            },
         ],
         datePublic: "2018-11-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Authorization bypass vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-11-15T10:57:01",
            orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            shortName: "vmware",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.vmware.com/security/advisories/VMSA-2018-0028.html",
            },
            {
               name: "105925",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/105925",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@vmware.com",
               ID: "CVE-2018-6980",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "VMware vRealize Log Insight",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "VMware",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Authorization bypass vulnerability",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.vmware.com/security/advisories/VMSA-2018-0028.html",
                     refsource: "CONFIRM",
                     url: "https://www.vmware.com/security/advisories/VMSA-2018-0028.html",
                  },
                  {
                     name: "105925",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/105925",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
      assignerShortName: "vmware",
      cveId: "CVE-2018-6980",
      datePublished: "2018-11-13T22:00:00",
      dateReserved: "2018-02-14T00:00:00",
      dateUpdated: "2024-08-05T06:17:17.509Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}