{"api_version":"1","generated_at":"2026-05-14T15:29:29+00:00","cve":"CVE-2018-6980","urls":{"html":"https://cve.report/CVE-2018-6980","api":"https://cve.report/api/cve/CVE-2018-6980.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-6980","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-6980"},"summary":{"title":"CVE-2018-6980","description":"VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.","state":"PUBLIC","assigner":"security@vmware.com","published_at":"2018-11-13 22:29:00","updated_at":"2019-10-03 13:33:00"},"problem_types":["CWE-863"],"metrics":[],"references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2018-0028.html","name":"https://www.vmware.com/security/advisories/VMSA-2018-0028.html","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"VMSA-2018-0028","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/105925","name":"105925","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"VMware vRealize Log Insight CVE-2018-6980 Authorization Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-6980","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6980","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"6980","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"vrealize_log_insight","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6980","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"vrealize_log_insight","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@vmware.com","ID":"CVE-2018-6980","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"VMware vRealize Log Insight","version":{"version_data":[{"version_value":"VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)"}]}}]},"vendor_name":"VMware"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Authorization bypass vulnerability"}]}]},"references":{"reference_data":[{"name":"https://www.vmware.com/security/advisories/VMSA-2018-0028.html","refsource":"CONFIRM","url":"https://www.vmware.com/security/advisories/VMSA-2018-0028.html"},{"name":"105925","refsource":"BID","url":"http://www.securityfocus.com/bid/105925"}]}},"nvd":{"publishedDate":"2018-11-13 22:29:00","lastModifiedDate":"2019-10-03 13:33:00","problem_types":["CWE-863"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"4.6.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"4.7.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"6980","Ordinal":"123214","Title":"CVE-2018-6980","CVE":"CVE-2018-6980","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"6980","Ordinal":"1","NoteData":"VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"6980","Ordinal":"2","NoteData":"2018-11-13","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"6980","Ordinal":"3","NoteData":"2018-11-15","Type":"Other","Title":"Modified"}]}}}