Cloud and virtualization software company VMware released security updates this week to address a local privilege escalation vulnerability in its VMware Identity Manager and vRealize Automation software, as well as a remote code execution vulnerability in the latter of the two products.
VMware characterized these flaws, respectively designated as CVE-2016-5335 and CVE-2016-5336, as “important” in terms of severity. The privilege escalation vulnerability, if exploited, could have allowed an attacker to upgrade from a low-privilege account to root-access privileges, enabling full control of the affected machine. Meanwhile, the remote code execution vulnerability in VRealize Automation could have resulted in an attacker gaining access to a low-privileged account.
Identity Manager is an Identity as a Service (IDaaS) third-party authentication service and VRealize Automation is a cloud automation software program.