CVE-2016-7458

5.8MEDIUM

Key Information:

Vendor
Vmware
Status
Vsphere Client
Vendor
CVE Published:
29 December 2016

Summary

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

http://www.vmware.com/security/advisories/VMSA-2016-0022....
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94483
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037328
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.