VMware vRealize Automation 7.0.x < 7.1 Multiple Vulnerabilities (VMSA-2016-0013)
High Nessus Plugin ID 93191
SynopsisA device management application running on the remote host is affected by multiple vulnerabilities.
DescriptionThe VMware vRealize Automation application running on the remote host is version 7.0.x prior to 7.1. It is, therefore, affected by the following vulnerabilities :
- An unspecified flaw exists that allows a local attacker to elevate privileges from a low-privileged account to root access. (CVE-2016-5335)
- An unspecified flaw exists that allows an unauthenticated, remote attacker to execute code and thereby gain access to a low privilege account on the device. No other details are available. (CVE-2016-5336)
SolutionUpgrade to VMware vRealize Automation version 7.1 or later.