Following our belief that knowledge must be shared, ERNW Insight focuses on finding and developing the best ways to make ERNW knowledge accessible to all (e.g. by hosting ERNW’s TROOPERS conference).
During a recent customer project we identified several vulnerabilities in the VMware vRealize Automation Center such as a DOM-based cross-site scripting and a missing renewal of session tokens during the login. The vulnerabilities have been disclosed to VMware on November 20th, 2017. A security advisory for the vulnerabilities has been made available here on April […]