XML External Entity Vulnerability in VMware vSphere Client
CVE-2016-7458

5.8 MEDIUM

Key Information:

Vendor: VMware
CVE Published: 29 December 2016

Summary

VMware vSphere Client 5.5 before U3e and 6.0 before U2a is affected by an XML external entity (XXE) vulnerability that enables remote attackers to access arbitrary files. The attack relies on an XML document that contains an external entity declaration combined with an entity reference. Successful exploitation can expose sensitive information to unauthorized users.

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
