TTCSIRT-307.041520: TT-CSIRT ADVISORY – VMWARE VREALIZE LOG INSIGHT VULNERABILITIES

TTCSIRT-307.041520: TT-CSIRT ADVISORY – VMWARE VREALIZE LOG INSIGHT VULNERABILITIES

Cross Site Scripting (XSS) and Open Redirect vulnerabilities exist in vRealize Log Insight due to improper Input validation; (CVE-2020-3953) and (CVE-2020-3954) respectively.

VMware has evaluated the severity of these issues to be in the important and moderate severity ranges with the Cross Site Scripting vulnerability having a maximum CVSSv3 base score of 8.4 and Open Redirect vulnerability reflecting a moderate severity range with a maximum CVSSv3 base score of 6.1

For further reference and to remediate CVE-2020-3953 and CVE-2020-3954 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ by following the link below:

https://www.vmware.com/security/advisories/VMSA-2020-0007.html

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) encourages users and administrators to review and apply the necessary updates.