VMWare has announced two vulnerabiliities in their vRealize product related to their integration of the popular open source server management software SaltStack, for which vulnerabilities were disclosed by F-Secure late last week. CVE-2020-11651, is listed as a critical authentication bypass vulnerability CVE-2020-11652, is listed as important and provides a mechanism for directory traversal. The VMWare bulletin can be found here: https://www.vmware.com/security/advisories/VMSA-2020-0009.html
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) |
Rick 324 Posts ISC Handler May 9th 2020 |
Thread locked Subscribe |
May 9th 2020 2 years ago |
Sign Up for Free or Log In to start participating in the conversation!