CVE-2018-6980

CWE-863Incorrect Authorization3 documents3 sources
Severity
7.2HIGH
EPSS
0.3%
top 46.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Vrealize LOG InsightVmware Vmware Vrealize LOG Insight
Timeline
PublishedNov 13
Latest updateMay 13

Description

VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDvmware/vrealize_log_insight4.64.6.2+1
CVEListV5vmware/vmware_vrealize_log_insightVVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-pvc9-qr25-w7jc: VMware vRealize Log Insight (42022-05-13
CVEList
CVE-2018-6980: VMware vRealize Log Insight (42018-11-13
CVE-2018-6980 (HIGH CVSS 7.2) | VMware vRealize Log Insight (4.7.x | cvebase.io