VMware Security Advisory
Advisory ID: VMSA-2016-0011
Synopsis: vRealize Log Insight update addresses directory traversal
Issue date: 2016-08-11
Updated on: 2016-08-11 (Initial Advisory)
CVE number: CVE-2016-5332
vRealize Log Insight update addresses directory traversal vulnerability.
2. Relevant Products
vRealize Log Insight
3. Directory traversal vulnerability in vRealize Log Insight
vRealize Log Insight contains a vulnerability that may allow for a directory
traversal attack. Exploitation of this issue may lead to a partial information
disclosure. There are no known workarounds for this issue.
VMware would like to thank Peter Nelson, Security Engineer at WakeMed Health
& Hospitals for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the identifier CVE-2016-5332 to this issue.
Column 5 of the following table lists the action required to remediate the
vulnerability in each release, if a solution is available.
VMware Product Running Replace with/
Product Version on Severity Apply Patch Workaround
==================== ======= ======= ======== ============= ==========
vRealize Log Insight 3.x VA Moderate 3.6.0 None
vRealize Log Insight 2.x VA Moderate 3.6.0 None
Please review the patch/release notes for your product and version and verify
the checksum of your downloaded file.
vRealize Log Insight 3.6.0
Downloads and Documentation:
6. Change log
2016-08-11 VMSA-2016-0011 Initial security advisory in conjunction with the
release of vRealize Log Insight 3.6.0 on 2016-08-11.
Created on August 12, 2016 by Rick Scherer
Posted under Alert.
This blog has 1,487 views.