CVE-2016-7457
critical
CVSS v3: 10.0
CVSS v2: 8.0
VIR risk: 10.0
Description
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.
Predictions
Exploit likelihood: 98%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@vmware.com — http://www.vmware.com/security/advisories/VMSA-2016-0016.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| vmware | vrealize_operations | 6.0.0 | |
| vmware | vrealize_operations | 6.1.0 | |
| vmware | vrealize_operations | 6.2.0a | |
| vmware | vrealize_operations | 6.2.1 | |
| vmware | vrealize_operations | 6.3.0 | |
References
- http://www.securityfocus.com/bid/93499
- http://www.securitytracker.com/id/1036999
- http://www.vmware.com/security/advisories/VMSA-2016-0016.html
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
CWEs
CWE-264