VMware has revealed “important” flaws in VMware Identity Manager and vRealize Automation.
Both products “contain a vulnerability that may allow for a local privilege escalation. Exploitation of this issue may lead to an attacker with access to a low-privileged account to escalate their privileges to that of root.”
vRealize Automation also “contains a vulnerability that may allow for remote code execution,” exploitation of which “may lead to an attacker gaining access to a low-privileged account on the appliance.”
The fix is in: Identity Manager 2.7 fixes the problems, as does vRealize Automation 7.1. The latter was released today and adds a new Integration Framework for IPAM and out of the box support for Active Directory policies. ®