VMware this week patched a single vulnerability that pops up in two of its products that allows an attacker to elevate privileges on a compromised machine.
The virtualization company patched CVE-2016-5335 in its Identity Manager and vRealize Automation software.
“Exploitation of this issue may lead to an attacker with access to a low-privileged account to escalate their privileges to that of root,” VMware said in advisory VMSA-2016-0013.
VMware said Identity Manager users running version 2.x should move to 2.7, and vRealize Automation users on 7.0.x to move to 7.1
Identity Manager is VMware’s identity management service for the mobile cloud, the company said, adding that managers can provision application permissions, manage access controls and self service options, as well as enable single sign-on for SaaS, web, cloud and mobile applications.
vRealize Automation enables the deployment of applications and services across a cloud infrastructure.
VMware also patched a separate remote code execution flaw, CVE-2016-5336, in vRealize Automation.
“Exploitation of this issue may lead to an attacker gaining access to a low-privileged account on the appliance,” VMware said, adding that version 7.1 addresses the issue.
