1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

VMware fixes XSS flaws in vRealize for Linux

Discussion in 'Network World' started by RSS, Mar 17, 2016.

  1. RSS

    RSS New Member Member

    VMware patched two cross-site scripting issues in several editions of its vRealize cloud software. These flaws could be exploited in stored XSS attacks and could result in the user's workstation being compromised.

    The input validation error exists in Linux versions of VMware vRealize Automation 6.x prior to 6.2.4 and vRealize Business Advanced and Enterprise 8.x prior to 8.2.5, VMware said in the advisory (VMSA-2016-0003). Linux users running affected versions should update to vRealize Automation 6.2.4 and vRealize Business Advanced and Enterprise 8.2.5 to address the problems. The issues do not affect vRealize Automation 7.x on Linux and 5.x on Windows, and vRealize Business 7.x and 6.x on Linux (vRealize Business Standard).

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page