VMware vRealize Automation Deserialization Vulnerability (VMSA-2018-0006)

Critical Nessus Plugin ID 106621

Synopsis

A device management application running on the remote host is affected by a deserialization vulnerability .

Description

The VMware vRealize Automation application running on the remote host is version 7.2 or 7.3 and is missing security patches indicated in the vendor advisory. It is, therefore, affected by a deserialization vulnerability.

Solution

Apply the fixes as indicated in the vendor advisory to VMware vRealize Automation.

See Also

https://www.vmware.com/security/advisories/VMSA-2018-0006.html

Plugin Details

Severity: Critical

ID: 106621

File Name: vmware_vrealize_automation_VMSA_2018_0006.nasl

Version: 1.4

Type: combined

Family: Misc.

Published: 2018/02/06

Modified: 2018/08/15

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:vmware:vrealize_automation

Patch Publication Date: 2018/01/26

Vulnerability Publication Date: 2018/01/26

Reference Information

CVE: CVE-2017-4947

BID: 102852

VMSA: 2018-0006