VMware fixes flaws in Identity Manager, vRealize Automation

VMware has patched a local privilege escalation vulnerability in its Identity Manager service and vRealize Automation software, as well as a remote code execution flaw in the latter product.
VMware has patched a local privilege escalation vulnerability in its Identity Manager service and vRealize Automation software, as well as a remote code execution flaw in the latter product.

Cloud and virtualization software company VMware released security updates this week to address a local privilege escalation vulnerability in its VMware Identity Manager and vRealize Automation software, as well as a remote code execution vulnerability in the latter of the two products.

VMware characterized these flaws, respectively designated as CVE-2016-5335 and CVE-2016-5336,  as “important” in terms of severity. The privilege escalation vulnerability, if exploited, could have allowed an attacker to upgrade from a low-privilege account to root-access privileges, enabling full control of the affected machine. Meanwhile, the remote code execution vulnerability in VRealize Automation could have resulted in an attacker gaining access to a low-privileged account.

Identity Manager is an Identity as a Service (IDaaS) third-party authentication service and VRealize Automation is a cloud automation software program.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS