Patch/Configuration Management, Vulnerability Management

VMware fixes flaws in Identity Manager, vRealize Automation

Cloud and virtualization software company VMware released security updates this week to address a local privilege escalation vulnerability in its VMware Identity Manager and vRealize Automation software, as well as a remote code execution vulnerability in the latter of the two products.

VMware characterized these flaws, respectively designated as CVE-2016-5335 and CVE-2016-5336,  as “important” in terms of severity. The privilege escalation vulnerability, if exploited, could have allowed an attacker to upgrade from a low-privilege account to root-access privileges, enabling full control of the affected machine. Meanwhile, the remote code execution vulnerability in VRealize Automation could have resulted in an attacker gaining access to a low-privileged account.

Identity Manager is an Identity as a Service (IDaaS) third-party authentication service and VRealize Automation is a cloud automation software program.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.