NEW VMSA-2016-0013 – VMware Identity Manager and vRealize Automation updates address multiple security issues

VMware Security Advisory
Advisory ID: VMSA-2016-0013
Severity: Important
Synopsis: VMware Identity Manager and vRealize Automation updates address multiple security issues
Issue date: 2016-08-23
Updated on: 2016-08-23 (Initial Advisory)
CVE numbers: CVE-2016-5335, CVE-2016-5336

1. Summary

VMware Identity Manager and vRealize Automation updates address multiple security issues

2. Relevant Products

  • VMware Identity Manager
  • vRealize Automation

3. Problem Description

a. VMware Identity Manager local privilege escalation vulnerability  

VMware Identity Manager and vRealize Automation both contain a vulnerability that may allow for a local privilege escalation. Exploitation of this issue may allow an attacker with access to a low-privileged account to escalate their privileges to root.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has reserved the identifier CVE-2016-5335 for this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

b. vRealize Automation remote code execution vulnerability

vRealize Automation contains a vulnerability that may allow for remote code execution. Exploitation of this issue may lead to an attacker gaining access to a low-privileged account on the appliance.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has reserved the identifier CVE-2016-5336 for this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware Identity Manager 2.7
---------------------------

Downloads and Documentation

vRealize Automation 7.1
-----------------------

Downloads and Documentation

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5335

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5336

https://kb.vmware.com/kb/2146585

6. Change log

2016-08-23 VMSA-2016-0013 Initial security advisory in conjunction with the release of vRealize Automation 7.1 on 2016-08-23.


Created on August 23, 2016 by Rick Scherer
