
Monthly Archives: April 2018

NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities

Greetings from the VMware Response Center!

Today we wanted to make you aware that NVIDIA has released a security bulletin entitled "NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities", which details some NVIDIA GPU display driver vulnerabilities and their remediation.

CVE-2018-6251 and CVE-2018-6253 have been shown to affect VMware Workstation, but they are not something that we can fully resolve from our end. Therefore, we wanted to make sure you were informed of these issues so that they can be appropriately resolved. In addition, enterprise customers should check the NVIDIA Enterprise Dashboard for additional information.

Customers should review the available documentation and direct technical inquiries to VMware Support for further assistance.

New VMware Security Advisory VMSA-2018-0010

Today VMware has released the following new security advisory:

VMSA-2018-0010 – Horizon DaaS update addresses a broken authentication issue

This documents the remediation of a moderate severity issue (CVE-2018-6960) in VMware Horizon DaaS that may allow an attacker to bypass two-factor authentication. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

All VMware Horizon DaaS 7.x versions are affected. This issue has been addressed in VMware Horizon DaaS 8.0.0.

We would like to thank Peter Ivezaj, President – Digital Upkeep for reporting this issue to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

New VMware Security Advisory VMSA-2018-0009

Today VMware has released the following new security advisory:

VMSA-2018-0009 – vRealize Automation (vRA) updates address multiple security issues

This documents the remediation of Important and Moderate severity issues (CVE-2018-6958 and CVE-2018-6959).

Issue (a) CVE-2018-6958 is a DOM-based cross-site scripting (XSS) vulnerability. Exploitation of this issue may lead to the compromise of the vRA user’s workstation.

Issue (b) CVE-2018-6959 is a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user’s session.

vRealize Automation 7.3.1 and 7.4.0 provide remediations for these vulnerabilities.

VMware would like to thank Oliver Matula and Benjamin Schwendemann of ERNW Enno Rey Netzwerke GmbH for reporting these issues to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.