The bugs exist in the company s vRealize Automation and Business Advanced and Enterprise platforms. Linux users running 6.x and 8.x versions of the software aren t affected, according to a security advisory issued by the company on Tuesday. The issue in Automation was dug up by independent researcher Lukasz Plonka while the issue in the Business and Enterprise version was discovered by Alvaro Trigo Martin de Vidales, a senior IT security consultant with Deloitte Spain.
Source: https://threatpost.com/vmware-patches-xss-vulnerabilities-in-vrealize-products/116810/