
SANS ISC: VMWare vRealize Critical vulnerabilities due to SaltStack - VMSA-2020-0009 SANS ISC InfoSec Forums


VMware has announced two vulnerabilities in its vRealize product related to its integration of the popular open source server management software SaltStack. F-Secure disclosed the underlying SaltStack vulnerabilities late last week.

CVE-2020-11651 is listed as a critical authentication bypass vulnerability.

CVE-2020-11652 is listed as important and provides a mechanism for directory traversal.

The VMware bulletin can be found here: https://www.vmware.com/security/advisories/VMSA-2020-0009.html


-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
