XML External Entity Vulnerability in VMware vSphere Client
CVE-2016-7458

5.8MEDIUM

Key Information:

Vendor
Vmware
Status
Vsphere Client
Vendor
CVE Published:
29 December 2016

Summary

The VMware vSphere Client, in its 5.5 version prior to U3e and 6.0 version prior to U2a, is susceptible to a vulnerability that enables remote attackers to access arbitrary files. This is achieved through the exploitation of an XML document that contains an external entity declaration combined with an entity reference. This issue poses a significant risk as it could potentially expose sensitive information to unauthorized users.

References

http://www.vmware.com/security/advisories/VMSA-2016-0022....
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94483
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037328
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.