VMware Patches Flaws in Identity and Cloud Products

VMware this week patched its Identity Manager and vRealize Automation products against privilege escalation and remote code execution vulnerabilities.

VMware this week patched a single vulnerability that pops up in two of its products that allows an attacker to elevate privileges on a compromised machine.

The virtualization company patched CVE-2016-5335 in its Identity Manager and vRealize Automation software.

“Exploitation of this issue may lead to an attacker with access to a low-privileged account to escalate their privileges to that of root,” VMware said in advisory VMSA-2016-0013.

VMware said Identity Manager users running version 2.x should move to 2.7, and vRealize Automation users on 7.0.x to move to 7.1

Identity Manager is VMware’s identity management service for the mobile cloud, the company said, adding that managers can provision application permissions, manage access controls and self service options, as well as enable single sign-on for SaaS, web, cloud and mobile applications.

vRealize Automation enables the deployment of applications and services across a cloud infrastructure.

VMware also patched a separate remote code execution flaw, CVE-2016-5336, in vRealize Automation.

“Exploitation of this issue may lead to an attacker gaining access to a low-privileged account on the appliance,” VMware said, adding that version 7.1 addresses the issue.

Suggested articles

MacOS LPE Exploit Gives Attackers Root Access

A researcher with the Twitter handle ‘Siguza’ published details of a macOS local privilege escalation vulnerability dating back to 2002 that could give an attacker root access to systems.


Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.