Nutanix API Authentication Vulnerability April 2019

Nutanix API

It was discovered that functionality exposed by way of our Prism API provided inconsistent authentication requirements depending upon the endpoint being utilized. There are currently no customer reported instances of this exploit. Customers who use automation around Prism APIs may notice authentication issues with existing scripts that utilized the modified endpoints.

Affected Products

This table lists the minimum version where the fix is applied. An update to a version listed below, or any newer release than the version below, will resolve the issue :

ProductIssue Fixed Release version
AOSThe issue is resolved in the following releases or beyond:
5.10.3
5.5.9.1

Workaround No workaround exists for unpatched systems. Nutanix recommends you update to a version listed in this advisory immediately.
For information refer security advisory 13-v1.


….
Thank you
Receive my daily latest post in your e-mail inbox to keep yourself up to date.
Follow me through Single-click Follow button (Sign Up Not Required )