Select Page

How to mitigate VMware vIDM local privilege escalation vulnerability

How to mitigate VMware vIDM local privilege escalation vulnerability

VMWare has issued a latest security advisory VMSA-2016-0013, which addresses two critical vulnerabilities of VMWare products – CVE-2016-5335 and CVE-2016-5336.

These are severe vulnerabilities that affect VMware Identity Manager and vRealize Automation software.

VMware vRealize Automation tool vRA is used in cloud environment to automate the delivery of infrastructure, applications and IT services.

VMware Identity Manager vIDM is used for application provisioning, conditional access controls and Single Sign-On (SSO) for cloud and mobile applications.

What is local privilege escalation vulnerability – CVE-2016-5335?

Every user account in a software application has a certain set of privileges assigned with it. A lower level user account will have only a limited set of privileges compared to a higher level account.

But a design flaw in the software helps the attacker, who gains access to a low privilege account, to obtain higher access. This is called a local privilege escalation vulnerability.

Local privilege escalation (CVE-2016-5335) can result in hackers gaining super user access and performing unauthorized actions in the system or accessing confidential information.

As a result, this vulnerability is a very critical one and the fix has to be done immediately to avoid compromising your data.

What is remote code execution vulnerability – CVE-2016-5336?

Remote code execution refers to executing arbitrary code from one machine on another machine, by accessing it via any exploits.

The hackers scan for open ports or vulnerable accounts in the applications and gain access to them. With this access, they can execute malicious code in the system.

Malicious remote code execution can lead to hackers gaining access to user’s privileges and obtaining critical information from your system.

To safeguard your information and system, it is critical to fix this vulnerability.

Get a FREE consultation

Do you spend all day answering technical support queries?

Wish you had more time to focus on your business? Let us help you.

We free up your time by taking care of your customers and servers. Our engineers monitor your servers 24/7, and support your customers over help desk, live chat and phone.

Talk to our technical support specialist today to know how we can keep your service top notch!


Bobcares provides Outsourced Hosting Support for online businesses. Our services include Outsourced Web Hosting Support, Outsourced Server Support, Outsourced Help Desk Support, Outsourced Live Chat Support and Phone Support Services.

Submit a Comment

Your email address will not be published. Required fields are marked *

Bobcares is a server management company that helps businesses deliver uninterrupted and secure online services. Our engineers manage close to 51,500 servers that include virtualized servers, cloud infrastructure, physical server clusters, and more.