Allele Security Alert
ASA-2019-00163
Identifier(s)
ASA-2019-00163, CVE-2019-5523, VMSA-2019-0004
Title
Remote Session Hijack vulnerability
Vendor(s)
VMware
Product(s)
VMware vCloud Director for Service Providers (vCD)
Affected version(s)
VMware vCloud Director for Service Providers 9.5.x
Fixed version(s)
VMware vCloud Director for Service Providers 9.5.0.3
Proof of concept
Unknown
Description
The VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged-in session.
Technical details
Unknown
Credits
Tyler Flaagan (Dakota State University), Eric Holm (Dakota State University), Andrew Kramer (Dakota State University) and Logan Stratton (Dakota State University)
Reference(s)
[Security-announce] New VMSA-2019-0004 – VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability
https://lists.vmware.com/pipermail/security-announce/2019/000453.html
VMSA-2019-0004
https://www.vmware.com/security/advisories/VMSA-2019-0004.html
CVE-2019-5523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5523
CVE-2019-5523
https://nvd.nist.gov/vuln/detail/CVE-2019-5523
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: April 2, 2019