Workaround for CVE-2020-11651 and CVE-2020-11652

CVE-2020-11651, CVE-2020-11652 have not been patched yet, but there are some workarounds which you can use to address the mentioned VMware CVE’s.

VMware has published workarounds to address unpatched vulnerabilities in vRealize Operations Manager (vROps). A remote attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory and apply the necessary mitigation(s).

Advisory IDVMSA-2020-0009
Advisory SeverityCritical
CVSSv3 Range7.5 – 10.0
SynopsisVMware vRealize Operations Manager addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)
Issue Date2020-05-08
Updated On2020-05-08 (Initial Advisory)
CVE(s)CVE-2020-11651, CVE-2020-11652

Share this info: