1036078

http://www.vmware.com/security/advisories/VMSA-2016-0008.html

The VMware vRealize Log Insight application running on the remote host is 2.x or 3.x prior to 3.3.2. It is, therefore, affected by multiple vulnerabilities :

  - A cross-site scripting (XSS) vulnerability exists due to     improper validation of user-supplied input before     returning it to users. An unauthenticated, remote     attacker can exploit this, via a specially crafted     request, to execute arbitrary script code in a user's     browser session. (CVE-2016-2081)

  - A cross-site request forgery (XSRF) vulnerability exists     due to a failure to require multiple steps, explicit     confirmation, or a unique token when performing certain     sensitive actions. An unauthenticated, remote attacker     can exploit this, by convincing a user to follow a     specially crafted link, to hijack the authentication of     the user and replace trusted content in the UI.
    (CVE-2016-2082)

CVE-2016-2082

high

Tenable Plugins

high