ZX Security

VMWare vCloud API – Access Control vulnerability

Jason Xie found that if you have a local organisation administrator credentials, by using the API you can create, remove or revert snapshots of vApps and VMs located in another organisation’s VDC. While you can not then access those snapshots, this could have a significant impact for the target organisation.

Published on

For further details please see the ZX Security Advisory or the VMWare Release Notes.