VMwareVMSA-2020-0007.2VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)
3a. Cross Site Scripting (XSS) vulnerabilities in vRealize Log Insight due to improper Input validation (CVE-2020-3953)
vRealize Log Insight does not properly validate user input, resulting in XSS vulnerabilities. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.4.
3b. Open Redirect vulnerability in vRealize Log Insight due to improper Input validation (CVE-2020-3954)
vRealize Log Insight does not properly validate user input, resulting in an Open Redirect vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.1.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3954
my.vmware.com/web/vmware/details?downloadGroup=VRLI-811&productId=993&rPId=47157
my.vmware.com/web/vmware/details?productId=993&rPId=47157&downloadGroup=VRLI-810
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Related
