CVE-2018-6980
Summary
| CVE | CVE-2018-6980 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-11-13 22:29:00 UTC |
| Updated | 2019-10-03 13:33:00 UTC |
| Description | VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform. |
Risk And Classification
Problem Types: CWE-863
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Vmware | Vrealize Log Insight | All | All | All | All |
| Application | Vmware | Vrealize Log Insight | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VMSA-2018-0028 | CONFIRM | www.vmware.com | Patch, Vendor Advisory |
| VMware vRealize Log Insight CVE-2018-6980 Authorization Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.