XML External Entity Vulnerability in VMware vSphere Client
CVE-2016-7458
5.8 MEDIUM
Summary
VMware vSphere Client 5.5 before U3e and 6.0 before U2a is vulnerable to XML External Entity (XXE) processing that allows remote attackers to read arbitrary files. The attack uses an XML document that contains an external entity declaration in conjunction with an entity reference. This poses a significant risk because it could expose sensitive information to unauthorized users.
CVSS V3.1
Score: 5.8
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed