CVE-2018-6980

CVE Database · CVE-2018-6980

CVE-2018-6980

· HIGHModified

CVSS v3.1

7.2

EPSS

1.44%

Published

Nov 13, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-863

Affected Products (2)

vmware · vrealize_log_insight (up to 4.6.2)vulnerable

vmware · vrealize_log_insight (up to 4.7.1)vulnerable

References (4)

http://www.securityfocus.com/bid/105925

Third Party AdvisoryVDB Entry

https://www.vmware.com/security/advisories/VMSA-2018-0028.html

PatchVendor Advisory

http://www.securityfocus.com/bid/105925

Third Party AdvisoryVDB Entry

https://www.vmware.com/security/advisories/VMSA-2018-0028.html

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs