VMware vRealize Automation 7.0.x < 7.1 Multiple Vulnerabilities (VMSA-2016-0013)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

A device management application running on the remote host is affected
by multiple vulnerabilities.

Description :

The VMware vRealize Automation application running on the remote host
is version 7.0.x prior to 7.1. It is, therefore, affected by the
following vulnerabilities :

- An unspecified flaw exists that allows a local attacker
to elevate privileges from a low-privileged account to
root access. (CVE-2016-5335)

- An unspecified flaw exists that allows an
unauthenticated, remote attacker to execute code and
thereby gain access to a low privilege account on the
device. No other details are available. (CVE-2016-5336)

See also :


Solution :

Upgrade to VMware vRealize Automation version 7.1 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 93191 ()

Bugtraq ID: 92607

CVE ID: CVE-2016-5335

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now