Remote File Exposure in VMware Identity Manager and vRealize Automation
CVE-2016-5334
5.3MEDIUM
Key Information:
- Vendor
- Vmware
- Vendor
- CVE Published:
- 29 December 2016
Summary
VMware Identity Manager and vRealize Automation contain a vulnerability that allows remote attackers to access sensitive files, specifically within the /SAAS/WEB-INF and /SAAS/META-INF directories. This inadvertent exposure can enable attackers to gain insights into the application's backend configurations and sensitive information, potentially leading to further exploitation. It is important for users of these products to implement mitigations and ensure they are running the latest versions to protect against this vulnerability.
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved