VMware vRealize Automation 7.0.x / 7.1.x / 7.2.x / 7.3.x Session IDs Handling Vulnerability (VMSA-2018-0009)
High Nessus Plugin ID 119038
SynopsisA virtualization appliance installed on the remote host is affected by vulnerability in session tokens handling mechanisms.
DescriptionThe version of VMware vRealize Automation installed on the remote host is 7.0.x, 7.1.x, 7.2.x, or 7.3.x. It is, therefore, affected by a vulnerability in handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.
SolutionUpgrade to VMware vRealize Automation version 7.4.0 or later.