İlgili açık  sadece ARC (Application Remote Collector) appliance larını etkilemektedir.Bu appliance vRealize Operations ile birlikte Application Monitoring yapılmak istenmektedir.

Advisory ID VMSA-2020-0009
Advisory Severity Critical
CVSSv3 Range 7.5 – 10.0
Synopsis VMware vRealize Operations Manager addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)
Issue Date 2020-05-08
Updated On 2020-05-08 (Initial Advisory)
CVE(s) CVE-2020-11651, CVE-2020-11652

 

VMware vRealize Operations Manager

VMware vRealize Operations Manager (vROps) addresses Authentication Bypass (CVE-2020-11651) and Directory Traversal (CVE-2020-11652) vulnerabilities.

 

Product Version Running On CVE Identifier CVSSV3 Severity Fixed Version Workarounds Additional Documentation
vROps 8.1.0 Virtual Appliance CVE-2020-11651, CVE-2020-11652 10.0 Critical Updates Pending KB79031 None
vROps 8.0.x Virtual Appliance CVE-2020-11651, CVE-2020-11652 10.0 Critical Updates Pending KB79031 None
vROps 7.5.0 Virtual Appliance CVE-2020-11651, CVE-2020-11652 10.0 Critical Updates Pending KB79031 None
vROps 7.0.0 Virtual Appliance CVE-2020-11651, CVE-2020-11652