XML External Entity Issue in VMware vCenter Server and vRealize Automation
CVE-2016-7460
9.1CRITICAL
What is CVE-2016-7460?
The Single Sign-On feature in VMware vCenter Server and vRealize Automation contains a vulnerability that permits remote attackers to exploit XML External Entities. This exploitation can lead to unauthorized access to sensitive files or the potential to disrupt services through denial of service attacks. The issue primarily arises from the handling of XML documents that include external entity declarations, providing avenues for attackers to compromise the integrity and availability of the system.