Detections
Analytics
VMware vRealize Automation Deserialization Vulnerability (VMSA-2018-0006)
critical Nessus Plugin ID 106621
Language:
Synopsis
A device management application running on the remote host is affected by a deserialization vulnerability .Description
The VMware vRealize Automation application running on the remote host is version 7.2 or 7.3 and is missing security patches indicated in the vendor advisory. It is, therefore, affected by a deserialization vulnerability.Solution
Apply the fixes as indicated in the vendor advisory to VMware vRealize Automation.See Also
https://www.vmware.com/security/advisories/VMSA-2018-0006.html
Plugin Details
Severity: Critical
ID: 106621
File Name: vmware_vrealize_automation_VMSA_2018_0006.nasl
Version: 1.6
Type: combined
Family: Misc.
Published: 2/6/2018
Updated: 11/8/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:vmware:vrealize_automation
Exploit Ease: No known exploits are available
Patch Publication Date: 1/26/2018
Vulnerability Publication Date: 1/26/2018
Reference Information
CVE: CVE-2017-4947
BID: 102852
VMSA: 2018-0006