Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

VMWare vRealize Critical vulnerabilities due to SaltStack - VMSA-2020-0009

Published: 2020-05-09
Last Updated: 2020-05-09 14:05:27 UTC
by Rick Wanner (Version: 1)
0 comment(s)

VMWare has announced two vulnerabiliities in their vRealize product related to their integration of the popular open source server management software SaltStack, for which vulnerabilities were disclosed by F-Secure late last week.

CVE-2020-11651, is listed as a critical authentication bypass vulnerability

CVE-2020-11652, is listed as important and provides a mechanism for directory traversal.

The VMWare bulletin can be found here:



-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - - Twitter:namedeplume (Protected)

Keywords: saltstack VMWare
0 comment(s)
Diary Archives