Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title - vRealize Log Insight update addresses directory traversal vulnerability.
Informations
Name VMSA-2016-0003 First vendor Publication 2016-03-15
Vendor VMware Last vendor Modification 2016-08-11
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

vRealize Log Insight contains a vulnerability that may allow for a directory traversal attack. Exploitation of this issue may lead to a partial information disclosure. There are no known workarounds for this issue.

VMware would like to thank Peter Nelson, Security Engineer at WakeMed Health & Hospitals for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-5332 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2016-0003.html

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
33 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 10
Application 9
Application 5

Nessus® Vulnerability Scanner

Date Description
2016-08-19 Name : A log management application running on the remote host is affected by a dire...
File : vmware_vrealize_log_insight_vmsa-2016-0011.nasl - Type : ACT_GATHER_INFO
2016-04-27 Name : A device management application running on the remote host is affected by a s...
File : vmware_vrealize_automation_VMSA_2016_003.nasl - Type : ACT_GATHER_INFO
2016-04-06 Name : The remote host has a web application installed that is affected by a stored ...
File : vmware_vrealize_business_vmsa-2016-003.nasl - Type : ACT_GATHER_INFO
2016-01-08 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0003.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2016-12-03 09:26:49
  • Multiple Updates
2016-08-12 17:24:01
  • Multiple Updates
2016-04-28 13:28:17
  • Multiple Updates
2016-04-07 13:26:05
  • Multiple Updates
2016-03-18 00:24:54
  • Multiple Updates
2016-03-16 13:29:17
  • Multiple Updates
2016-03-15 21:23:56
  • First insertion