CVE-2018-6958
CVSS 4.3
Published: 2018-04-13 09:29:00
Last revised: 2018-05-16 11:20:50

[Original] VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

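- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]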

- CWE (weakness category)

CWE-79 [Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)]

- CPE (affected platforms and products)

cpe:/a:vmware:vrealize_automation:6.0.0
cpe:/a:vmware:vrealize_automation:6.0.1
cpe:/a:vmware:vrealize_automation:6.0.1.1
cpe:/a:vmware:vrealize_automation:6.0.1.2
cpe:/a:vmware:vrealize_automation:6.1.0
cpe:/a:vmware:vrealize_automation:6.1.1
cpe:/a:vmware:vrealize_automation:6.2.0
cpe:/a:vmware:vrealize_automation:6.2.1
cpe:/a:vmware:vrealize_automation:6.2.2
cpe:/a:vmware:vrealize_automation:6.2.3
cpe:/a:vmware:vrealize_automation:6.2.4

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6958
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6958
(Official data source) NVD

- Other links and resources

http://www.securityfocus.com/bid/103752
(VENDOR_ADVISORY)  BID  103752
http://www.securitytracker.com/id/1040676
(VENDOR_ADVISORY)  SECTRACK  1040676
http://www.vmware.com/security/advisories/VMSA-2018-0009.html
(VENDOR_ADVISORY)  CONFIRM  http://www.vmware.com/security/advisories/VMSA-2018-0009.html

- Vulnerability information (F147177)

VMware Security Advisory 2018-0009 (PacketStormID:F147177)
2018-04-12 00:00:00
VMware  vmware.com
advisory
CVE-2018-6958,CVE-2018-6959

VMware Security Advisory 2018-0009 - vRealize Automation (vRA) updates address multiple security issues.

- ------------------------------------------------------------------------

                               VMware Security Advisory

Advisory ID: VMSA-2018-0009
Severity:    Important
Synopsis:    vRealize Automation updates address
             multiple security issues.
Issue date:  2018-04-12
Updated on:  2018-04-12 (Initial Advisory)
CVE number:  CVE-2018-6958, CVE-2018-6959

1. Summary

   vRealize Automation (vRA) updates address
   multiple security issues.

2. Relevant Products

   vRealize Automation (vRA)

3. Problem Description

   a. DOM-based cross-site scripting (XSS) vulnerability

   VMware vRealize Automation contains a vulnerability that may allow
   for a DOM-based cross-site scripting (XSS) attack. Exploitation of
   this issue may lead to the compromise of the vRA user's workstation.

   VMware would like to thank Oliver Matula and Benjamin Schwendemann
   of ERNW Enno Rey Netzwerke GmbH for reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-6958 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware      Product    Running            Replace with/     Mitigation/
   Product     Version    on       Severity  Apply Patch       Workaround
   ==========  =========  =======  ========  ================  ==========
   vRA         7.3.x      VA       Important 7.3.1             None
   vRA         7.2.x      VA       Important 7.3.1             None
   vRA         7.1.x      VA       Important 7.3.1             None
   vRA         7.0.x      VA       Important 7.3.1             None
   vRA         6.2.x      VA       N/A       not affected      N/A


   b. Missing renewal of session tokens vulnerability

   VMware vRealize Automation contains a vulnerability in the handling
   of session IDs. Exploitation of this issue may lead to the hijacking
   of a valid vRA user's session.

   VMware would like to thank Oliver Matula and Benjamin Schwendemann
   of ERNW Enno Rey Netzwerke GmbH for reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-6959 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware      Product    Running            Replace with/     Mitigation/
   Product     Version    on       Severity  Apply Patch       Workaround
   ==========  =========  =======  ========  ================  ==========
   vRA         7.3.x      VA       Moderate  7.4.0             None
   vRA         7.2.x      VA       Moderate  7.4.0             None
   vRA         7.1.x      VA       Moderate  7.4.0             None
   vRA         7.0.x      VA       Moderate  7.4.0             None
   vRA         6.2.x      VA       N/A       not affected      N/A


4. Solution

   Please review the patch/release notes for your product and version and
   verify the checksum of your downloaded file.

   vRealize Automation 7.3.1
   Downloads:
   https://my.vmware.com/web/vmware/info/slug/infrastructure_operations_management/vmware_vrealize_automation/7_3
   Documentation:
   https://docs.vmware.com/en/vRealize-Automation/index.html

   vRealize Automation 7.4.0
   Downloads:
   https://my.vmware.com/web/vmware/info/slug/infrastructure_operations_management/vmware_vrealize_automation/7_4
   Documentation:
   https://docs.vmware.com/en/vRealize-Automation/index.html


5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6958
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6959

- -------------------------------------------------------------------------

6. Change log

   2018-04-12 VMSA-2018-0009
   Initial security advisory in conjunction with the release of
   vRealize Automation 7.4.0 on 2018-04-12

- -------------------------------------------------------------------------
7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

     security-announce@lists.vmware.com
     bugtraq@securityfocus.com
     fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc.  All rights reserved.


- Vulnerability information

VMware vRealize Automation Cross Site Scripting and Session Hijacking Vulnerabilities
Input Validation Error 103752
Yes No
2018-04-12 12:00:00 2018-04-12 12:00:00
Oliver Matula and Benjamin Schwendemann of ERNW Enno Rey Netzwerke GmbH

- Affected software versions

VMWare vRealize Automation 7.2
VMWare vRealize Automation 7.3.0
VMWare vRealize Automation 7.1
VMWare vRealize Automation 7.0
VMWare vRealize Automation 7.4
VMWare vRealize Automation 7.3.1

- Unaffected software versions

VMWare vRealize Automation 7.4
VMWare vRealize Automation 7.3.1

- Vulnerability discussion

VMware vRealize Automation is prone to a cross-site scripting vulnerability and a session-hijacking vulnerability.

An attacker may leverage these issues to hijack an arbitrary session and gain unauthorized access to the affected application or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

- Exploit

Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
