Remote File Exposure in VMware Identity Manager and vRealize Automation
CVE-2016-5334

5.3MEDIUM

Key Information:

Vendor
Vmware
Status
Identity Manager
Vrealize Automation
Vendor
CVE Published:
29 December 2016

Summary

VMware Identity Manager and vRealize Automation contain a vulnerability that allows remote attackers to access sensitive files, specifically within the /SAAS/WEB-INF and /SAAS/META-INF directories. This inadvertent exposure can enable attackers to gain insights into the application's backend configurations and sensitive information, potentially leading to further exploitation. It is important for users of these products to implement mitigations and ensure they are running the latest versions to protect against this vulnerability.

References

http://www.securitytracker.com/id/1037326
vdb-entryx_refsource_SECTRACK
http://www.vmware.com/security/advisories/VMSA-2016-0021....
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94482
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.