VMware vRealize Automation 6.2.1

CPE Details

VMware vRealize Automation 6.2.1
vmware
vrealize_automation
6.2.1
2016-12-29
18h57 +00:00
2016-12-29
18h57 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:vrealize_automation:6.2.1:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

vrealize_automation

Version

6.2.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-6958 2018-04-13 13h00 +00:00 VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.
6.1
Medium
CVE-2018-6959 2018-04-13 13h00 +00:00 VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.
9.8
Critical
CVE-2016-7460 2016-12-29 08h02 +00:00 The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
9.1
Critical
CVE-2015-2344 2016-03-16 09h00 +00:00 Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
5.4
Medium