VMWare vCloud API – Access Control vulnerability

Jason Xie found that if you have a local organisation administrator credentials, by using the API you can create, remove or revert snapshots of vApps and VMs located in another organisation’s VDC. While you can not then access those snapshots, this could have a significant impact for the target organisation.

Published on 21st April 2020

For further details please see the ZX Security Advisory or the VMWare Release Notes.

Sidebar

Insights

View all insights

Green Team Tree Planting at Ōwhiro Bay

26th June 2023

ZX Green Team gets muddy planting native trees.

View insight: Green Team Tree Planting at Ōwhiro Bay

Events

View all events

BSides San Francisco

4 May to 5 May 2024

CityView at SF Metreon

BSidesSF is an Information / Security conference that's different. Presenters at BSides SF conferences are engaging the participants and getting the discussions started on the "Next Big Thing", not preaching at you from the podium about last month's news.

View event: BSides San Francisco