CVE-2018-6980
CVE-2018-6980 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view-only permission to perform certain administrative functions which they are not allowed to perform. EPSS estimates a 1.44% chance of exploitation in the next 30 days.
Description
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| VMware | vRealize Log Insight | >= 4.6, < 4.6.2 |
| VMware | vRealize Log Insight | >= 4.7, < 4.7.1 |
References
- http://www.securityfocus.com/bid/105925 (Third Party Advisory, VDB Entry)
- https://www.vmware.com/security/advisories/VMSA-2018-0028.html (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
