PT-2023-7460 · Vmware · Vmware Vrealize Operations

Thiscodecc

Publicado

2023-01-31

Atualizado

2023-02-08

CVE-2023-20856

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VMware vRealize Operations (vROps) (affected versions not specified)

Description The issue is related to insufficient authentication of executed requests in the vRealize Operations (vROps) tool, allowing a remote attacker to perform a CSRF attack. This could enable a malicious user to execute actions on the vROps platform on behalf of an authenticated victim user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

BDU:2023-08502

CVE-2023-20856

Produtos afetados

Vmware Vrealize Operations

PT-2023-7460 · Vmware · Vmware Vrealize Operations

CVE-2023-20856

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5