--- This is a critical security advisory from VMware (VMSA) ---
Today VMware has released the following new security advisory:
VMSA-2018-0009 – vRealize Automation (vRA) updates address multiple security issues
The advisory documents the remediation of Important and Moderate severity issues (CVE-2018-6958 and CVE-2018-6959).
Issue (a) CVE-2018-6958 is a DOM-based cross-site scripting (XSS) vulnerability. Exploitation of this issue may lead to the compromise of the vRA user’s workstation.
Issue (b) CVE-2018-6959 is a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user’s session.
vRealize Automation 7.3.1 and 7.4.0 provide remediations for these vulnerabilities.
VMware would like to thank Oliver Matula and Benjamin Schwendemann of ERNW Enno Rey Netzwerke GmbH for reporting these issues to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.
The post New VMware Security Advisory VMSA-2018-0009 appeared first on VMware Security & Compliance Blog.