First published: Fri Apr 13 2018(Updated: )
VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware vRealize Automation | <7.4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is CVE-2018-6959.
The title of this vulnerability is VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs.
The severity of CVE-2018-6959 is critical with a CVSS score of 9.8.
VMware vRealize Automation versions prior to 7.4.0 are affected by CVE-2018-6959.
Exploitation of this vulnerability may lead to the hijacking of a valid vRA user's session.