VMware vRealize Operations Manager ver 6.x < 6.40 Suite API CollectorHttpRelayController RelayRequest Object DiskFileItem Deserialization DoS

Nessus Plugin ID 95441 (Severity: High)


Synopsis

A cloud operations management application running on the remote web server is affected by a denial of service vulnerability.


Description

The version of VMware vRealize Operations (vROps) Manager running on the remote web server is 6.x prior to 6.40. It is, therefore, affected by a flaw in the Suite API CollectorHttpRelayController component: DiskFileItem objects carried in the 'relay-request' XML are not properly validated before the RelayRequest object is deserialized. An authenticated, remote attacker can exploit this issue, by embedding a specially crafted DiskFileItem object in the XML, to move or write arbitrary content to files on the appliance, resulting in a denial of service condition.


Solution

Upgrade to VMware vRealize Operations Manager version 6.40 or later.

Plugin Details

Severity: High

ID: 95441

File Name: vmware_vrealize_operations_manager_v640_deserialization.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 12/1/2016

Updated: 2/26/2019

Dependencies: 91340

Risk Information

Risk Factor: High

VPR Score: 5.1

CVSS Score Source: CVE-2016-7462

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.5

Temporal Score: 7.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:vrealize_operations

Required KB Items: installed_sw/vRealize Operations Manager

Exploit Ease: No exploit is required

Patch Publication Date: 11/15/2016

Vulnerability Publication Date: 11/15/2016

Reference Information

CVE: CVE-2016-7462

BID: 94351