Important

VMSA-2020-0007.2
6.1 - 8.4
2020-04-14
2020-06-24
CVE-2020-3953, CVE-2020-3954
VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)

Share this page on social media

Sign up for Security Advisories

1. Impacted Products

VMware vRealize Log Insight

2. Introduction

Cross Site Scripting (XSS) and Open Redirect vulnerabilities in vRealize Log Insight were privately reported to the VMware Security Response Center. Updates are available to remediate these vulnerabilities in vRealize Log Insight.

3a. Cross Site Scripting (XSS) vulnerabilities in vRealize Log Insight due to improper Input validation (CVE-2020-3953)

Description

vRealize Log Insight does not properly validate user input, resulting in XSS vulnerabilities. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.4.

Known Attack Vectors

A malicious actor with permissions equivalent to the predefined 'user' role may be able to add a malicious payload via the Log Insight UI which would be executed when the victim (another user or administrator) views this data in the UI (Stored XSS). Successful exploitation of this issue may result in a compromise of the victim's workstation.

Resolution

To remediate CVE-2020-3953 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Michał Bogdanowicz @STM Solutions [https://www.linkedin.com/in/micha%C5%82-bogdanowicz-603267a8/] and Michal Brzezicki @STM Solutions [https://www.linkedin.com/in/m-brzezicki/] for reporting this issue to us.

3b. Open Redirect vulnerability in vRealize Log Insight due to improper Input validation (CVE-2020-3954)

Description

vRealize Log Insight does not properly validate user input, resulting in an Open Redirect vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.1.

Known Attack Vectors

A malicious actor may be able to perform a phishing attack by sending a seemingly trusted URL for a vRLI deployment to a victim. Upon opening this URL the victim will be redirected to a location of the attacker's choosing. Successful exploitation of this issue may result in a compromise of the victim's workstation.

Resolution

To remediate CVE-2020-3954 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Michał Bogdanowicz @STM Solutions [https://www.linkedin.com/in/micha%C5%82-bogdanowicz-603267a8/] and Michal Brzezicki @STM Solutions [https://www.linkedin.com/in/m-brzezicki/] for reporting this issue to us.

 

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
vRealize Log Insight
8.x
Virtual Appliance
CVE-2020-3953
None
None
vRealize Log Insight
8.x
Virtual Appliance
CVE-2020-3954
None
None
vRealize Log Insight
4.x
Virtual Appliance
CVE-2020-3953
important
None
None
vRealize Log Insight
4.x
Virtual Appliance
CVE-2020-3954
moderate
None
None
4. References
5. Change Log

2020-04-14 VMSA-2020-0007
Initial security advisory.

 

2020-05-28: VMSA-2020-0007.1
It was determined that the fixes for CVE-2020-3953 included in 8.1.0 were not complete. This has been corrected in the 8.1.1 release.

2020-06-24: VMSA-2020-0007.2
Added remediation information for the vRealize Log Insight 4.x release line.

6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

 

This Security Advisory is posted to the following lists: 

 security-announce@lists.vmware.com

 bugtraq@securityfocus.com

 fulldisclosure@seclists.org

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055 

 

VMware Security Advisories

https://www.vmware.com/security/advisories

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

 

VMware Security & Compliance Blog

https://blogs.vmware.com/security Twitterhttps://twitter.com/VMwareSRC


Copyright 2020 VMware Inc. All rights reserved.