CVE-2018-6980

VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
vmwarevrealize_log_insight
4.6 ≤
𝑥
< 4.6.2
vmwarevrealize_log_insight
4.7 ≤
𝑥
< 4.7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105925
https://www.vmware.com/security/advisories/VMSA-2018-0028.html
http://www.securityfocus.com/bid/105925
https://www.vmware.com/security/advisories/VMSA-2018-0028.html