Vulnerabilities > Vmware > Vrealize Automation > 7.2.0

DATE CVE VULNERABILITY TITLE RISK
2018-04-13 CVE-2018-6959 Session Fixation vulnerability in VMWare Vrealize Automation
VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs.
network
low complexity
vmware CWE-384
critical
9.8
2018-04-13 CVE-2018-6958 Cross-site Scripting vulnerability in VMWare Vrealize Automation
VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack.
network
low complexity
vmware CWE-79
6.1
2018-01-29 CVE-2017-4947 Deserialization of Untrusted Data vulnerability in VMWare Vrealize Automation and Vsphere Integrated Containers
VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon.
network
low complexity
vmware CWE-502
critical
9.8