I discovered a new unknown vulnerability in vRops 6.3 on my home lab, this allowed me to obtain the Administrator role from a lower non privileged role…
I informed VMware which were very responsive and patched the bug, the announcement from VMWare can be found over at the VMware Security Blog or over at security advisories: VMSA-2016-0016
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7457
https://kb.vmware.com/kb/2147215
https://kb.vmware.com/kb/2147247
https://kb.vmware.com/kb/2147246
https://kb.vmware.com/kb/2147248
vMan
Recent Comments