CVE-2018-6980

HIGH

VMware vRealize Log Insight 4.6-4.6.1 and 4.7 < 4.7.1 - Incorrect Authorization in User Registration Method

Title source: llm
STIX 2.1

Description

VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2018-0028.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105925

Scores

CVSS v3 7.2
EPSS 0.0030
EPSS Percentile 53.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-863
Status published
Products (1)
vmware/vrealize_log_insight 4.6 - 4.6.2
Published Nov 13, 2018
Tracked Since Feb 18, 2026