VMware fixes flaws in Identity Manager, vRealize Automation | SC Media
Patch management

VMware fixes flaws in Identity Manager, vRealize Automation

August 25, 2016

Cloud and virtualization software company VMware released security updates this week to address a local privilege escalation vulnerability in its VMware Identity Manager and vRealize Automation software, as well as a remote code execution vulnerability in the latter of the two products.

VMware characterized these flaws, respectively designated as CVE-2016-5335 and CVE-2016-5336,  as “important” in terms of severity. The privilege escalation vulnerability, if exploited, could have allowed an attacker to upgrade from a low-privilege account to root-access privileges, enabling full control of the affected machine. Meanwhile, the remote code execution vulnerability in VRealize Automation could have resulted in an attacker gaining access to a low-privileged account.

Identity Manager is an Identity as a Service (IDaaS) third-party authentication service and VRealize Automation is a cloud automation software program.

prestitial ad