cvelistv5 - cve-2016-7458

CVE-2016-7458 (GCVE-0-2016-7458)

Vulnerability from cvelistv5 – Published: 2016-12-29 09:02 – Updated: 2024-08-06 01:57

Summary

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Severity ?

No CVSS data available.

CWE

Assigner

vmware

References

URL

Tags

	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94483	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1037328	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:57:47.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
          },
          {
            "name": "94483",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94483"
          },
          {
            "name": "1037328",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037328"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
        },
        {
          "name": "94483",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94483"
        },
        {
          "name": "1037328",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037328"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2016-7458",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
            },
            {
              "name": "94483",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94483"
            },
            {
              "name": "1037328",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037328"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2016-7458",
    "datePublished": "2016-12-29T09:02:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T01:57:47.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70442B21-C2C9-4883-AD8E-4233B2EA10FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:5.5:u1:*:*:*:*:*:*\", \"matchCriteriaId\": \"65511CF3-4584-4328-A7D8-39136FC824A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:5.5:u2:*:*:*:*:*:*\", \"matchCriteriaId\": \"764F7621-FA8C-4DF3-818D-CB0DE0F404C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:5.5:u3a:*:*:*:*:*:*\", \"matchCriteriaId\": \"52A06632-642F-446F-BCAE-2E520D85F4D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:5.5:u3b:*:*:*:*:*:*\", \"matchCriteriaId\": \"47C3C60E-AFBA-4D36-832C-46EFC16D7895\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDFEF209-2DB4-40FC-8BBD-1543FE3CB71A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:6.0:2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A619CE01-5257-424C-9865-862D60FDF570\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:6.0:2m:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7177815-9C77-48B3-ACB8-D0B1451A0965\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:6.0:a:*:*:*:*:*:*\", \"matchCriteriaId\": \"8221AC11-7E4E-45C1-AB47-D2E2070F7D60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:6.0:b:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CA6FA6A-37A8-4363-BBA0-C4FAF6FE9C86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:6.0:u1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A932E99F-E0FF-4037-8EE9-822F6626F09A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_client:6.0:u1b:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1AD54EC-6EBE-4DBB-9A6D-ED58A15CD481\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.\"}, {\"lang\": \"es\", \"value\": \"VMware vSphere Client 5.5 en versiones anteriores a U3e y 6.0 en versiones anteriores a U2a permite a vCenter Server remoto e instancias ESXi leer archivos arbitrarios a trav\\u00e9s de un documento XML que contiene una declaraci\\u00f3n de entidad externa en conjunci\\u00f3n con una referencia de entidad, relacionado con un problema XML External Entity (XXE).\"}]",
      "id": "CVE-2016-7458",
      "lastModified": "2024-11-21T02:58:03.013",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\", \"baseScore\": 5.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-12-29T09:59:00.603",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/94483\", \"source\": \"security@vmware.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037328\", \"source\": \"security@vmware.com\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2016-0022.html\", \"source\": \"security@vmware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94483\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037328\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2016-0022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@vmware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-7458\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2016-12-29T09:59:00.603\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.\"},{\"lang\":\"es\",\"value\":\"VMware vSphere Client 5.5 en versiones anteriores a U3e y 6.0 en versiones anteriores a U2a permite a vCenter Server remoto e instancias ESXi leer archivos arbitrarios a trav\u00e9s de un documento XML que contiene una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad, relacionado con un problema XML External Entity (XXE).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70442B21-C2C9-4883-AD8E-4233B2EA10FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:5.5:u1:*:*:*:*:*:*\",\"matchCriteriaId\":\"65511CF3-4584-4328-A7D8-39136FC824A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:5.5:u2:*:*:*:*:*:*\",\"matchCriteriaId\":\"764F7621-FA8C-4DF3-818D-CB0DE0F404C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:5.5:u3a:*:*:*:*:*:*\",\"matchCriteriaId\":\"52A06632-642F-446F-BCAE-2E520D85F4D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:5.5:u3b:*:*:*:*:*:*\",\"matchCriteriaId\":\"47C3C60E-AFBA-4D36-832C-46EFC16D7895\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFEF209-2DB4-40FC-8BBD-1543FE3CB71A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:6.0:2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A619CE01-5257-424C-9865-862D60FDF570\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:6.0:2m:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7177815-9C77-48B3-ACB8-D0B1451A0965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:6.0:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"8221AC11-7E4E-45C1-AB47-D2E2070F7D60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:6.0:b:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CA6FA6A-37A8-4363-BBA0-C4FAF6FE9C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:6.0:u1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A932E99F-E0FF-4037-8EE9-822F6626F09A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_client:6.0:u1b:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1AD54EC-6EBE-4DBB-9A6D-ED58A15CD481\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94483\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037328\",\"source\":\"security@vmware.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2016-0022.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94483\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037328\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2016-0022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-5278-X3FC-5HX6

Vulnerability from github – Published: 2022-05-17 02:24 – Updated: 2022-05-17 02:24

Details

Severity ?

5.8 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-29T09:59:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
  "id": "GHSA-5278-x3fc-5hx6",
  "modified": "2022-05-17T02:24:38Z",
  "published": "2022-05-17T02:24:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7458"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94483"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037328"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2016-AVI-388

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	vSphere Client sur Windows version 6.0 sans le correctif de sécurité 6.0 U2a
VMware	N/A	vRealize Automation versions 7.x antérieures à 7.2.0
VMware	N/A	vRealize Automation versions 6.x antérieures à 6.2.5
VMware	vCenter Server	vCenter Server version 5.5 sans le correctif de sécurité 5.5 U3e
VMware	N/A	VMware Identity Manager versions 2.x antérieures à 2.7.1
VMware	N/A	vSphere Client sur Windows version 5.5 sans le correctif de sécurité 5.5 U3e
VMware	vCenter Server	vCenter Server version 6.0 sans le correctif de sécurité 6.0 U2a

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2016-0021 du 22 novembre 2016	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2016-0022 du 22 novembre 2016	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2016-0021 du 22 novembre 2016	-	other
Bulletin de sécurité VMware VMSA-2016-0022 du 22 novembre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "vSphere Client sur Windows version 6.0 sans le correctif de s\u00e9curit\u00e9 6.0 U2a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vRealize Automation versions 7.x ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vRealize Automation versions 6.x ant\u00e9rieures \u00e0 6.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vCenter Server version 5.5 sans le correctif de s\u00e9curit\u00e9 5.5 U3e",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Identity Manager versions 2.x ant\u00e9rieures \u00e0 2.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vSphere Client sur Windows version 5.5 sans le correctif de s\u00e9curit\u00e9 5.5 U3e",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vCenter Server version 6.0 sans le correctif de s\u00e9curit\u00e9 6.0 U2a",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-7459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7459"
    },
    {
      "name": "CVE-2016-7458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7458"
    },
    {
      "name": "CVE-2016-5334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5334"
    },
    {
      "name": "CVE-2016-7460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7460"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2016-0021 du 22 novembre    2016",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0021.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2016-0022 du 22 novembre    2016",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
    }
  ],
  "reference": "CERTFR-2016-AVI-388",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-11-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits VMware\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2016-0021 du 22 novembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2016-0022 du 22 novembre 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-388

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	vSphere Client sur Windows version 6.0 sans le correctif de sécurité 6.0 U2a
VMware	N/A	vRealize Automation versions 7.x antérieures à 7.2.0
VMware	N/A	vRealize Automation versions 6.x antérieures à 6.2.5
VMware	vCenter Server	vCenter Server version 5.5 sans le correctif de sécurité 5.5 U3e
VMware	N/A	VMware Identity Manager versions 2.x antérieures à 2.7.1
VMware	N/A	vSphere Client sur Windows version 5.5 sans le correctif de sécurité 5.5 U3e
VMware	vCenter Server	vCenter Server version 6.0 sans le correctif de sécurité 6.0 U2a

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2016-0021 du 22 novembre 2016	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2016-0022 du 22 novembre 2016	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2016-0021 du 22 novembre 2016	-	other
Bulletin de sécurité VMware VMSA-2016-0022 du 22 novembre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "vSphere Client sur Windows version 6.0 sans le correctif de s\u00e9curit\u00e9 6.0 U2a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vRealize Automation versions 7.x ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vRealize Automation versions 6.x ant\u00e9rieures \u00e0 6.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vCenter Server version 5.5 sans le correctif de s\u00e9curit\u00e9 5.5 U3e",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Identity Manager versions 2.x ant\u00e9rieures \u00e0 2.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vSphere Client sur Windows version 5.5 sans le correctif de s\u00e9curit\u00e9 5.5 U3e",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vCenter Server version 6.0 sans le correctif de s\u00e9curit\u00e9 6.0 U2a",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-7459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7459"
    },
    {
      "name": "CVE-2016-7458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7458"
    },
    {
      "name": "CVE-2016-5334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5334"
    },
    {
      "name": "CVE-2016-7460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7460"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2016-0021 du 22 novembre    2016",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0021.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2016-0022 du 22 novembre    2016",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
    }
  ],
  "reference": "CERTFR-2016-AVI-388",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-11-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits VMware\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2016-0021 du 22 novembre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2016-0022 du 22 novembre 2016",
      "url": null
    }
  ]
}

GSD-2016-7458

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-7458

Aliases

CVE-2016-7458

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7458",
    "description": "VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
    "id": "GSD-2016-7458"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7458"
      ],
      "details": "VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
      "id": "GSD-2016-7458",
      "modified": "2023-12-13T01:21:20.849222Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@vmware.com",
        "ID": "CVE-2016-7458",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
          },
          {
            "name": "94483",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94483"
          },
          {
            "name": "1037328",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037328"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:5.5:u1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:5.5:u2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:6.0:2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:6.0:2m:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:6.0:a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:6.0:b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:5.5:u3a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:5.5:u3b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:6.0:u1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:6.0:u1b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2016-7458"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
            },
            {
              "name": "94483",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94483"
            },
            {
              "name": "1037328",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037328"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2017-07-28T01:29Z",
      "publishedDate": "2016-12-29T09:59Z"
    }
  }
}

FKIE_CVE-2016-7458

Vulnerability from fkie_nvd - Published: 2016-12-29 09:59 - Updated: 2025-04-12 10:46

Severity ?

5.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Summary

References

URL	Tags
security@vmware.com	http://www.securityfocus.com/bid/94483	Third Party Advisory, VDB Entry
security@vmware.com	http://www.securitytracker.com/id/1037328
security@vmware.com	http://www.vmware.com/security/advisories/VMSA-2016-0022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94483	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037328
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2016-0022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
vmware	vsphere_client	5.5
vmware	vsphere_client	5.5
vmware	vsphere_client	5.5
vmware	vsphere_client	5.5
vmware	vsphere_client	5.5
vmware	vsphere_client	6.0
vmware	vsphere_client	6.0
vmware	vsphere_client	6.0
vmware	vsphere_client	6.0
vmware	vsphere_client	6.0
vmware	vsphere_client	6.0
vmware	vsphere_client	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "70442B21-C2C9-4883-AD8E-4233B2EA10FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:5.5:u1:*:*:*:*:*:*",
              "matchCriteriaId": "65511CF3-4584-4328-A7D8-39136FC824A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:5.5:u2:*:*:*:*:*:*",
              "matchCriteriaId": "764F7621-FA8C-4DF3-818D-CB0DE0F404C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:5.5:u3a:*:*:*:*:*:*",
              "matchCriteriaId": "52A06632-642F-446F-BCAE-2E520D85F4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:5.5:u3b:*:*:*:*:*:*",
              "matchCriteriaId": "47C3C60E-AFBA-4D36-832C-46EFC16D7895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFEF209-2DB4-40FC-8BBD-1543FE3CB71A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:6.0:2:*:*:*:*:*:*",
              "matchCriteriaId": "A619CE01-5257-424C-9865-862D60FDF570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:6.0:2m:*:*:*:*:*:*",
              "matchCriteriaId": "D7177815-9C77-48B3-ACB8-D0B1451A0965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:6.0:a:*:*:*:*:*:*",
              "matchCriteriaId": "8221AC11-7E4E-45C1-AB47-D2E2070F7D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:6.0:b:*:*:*:*:*:*",
              "matchCriteriaId": "8CA6FA6A-37A8-4363-BBA0-C4FAF6FE9C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:6.0:u1:*:*:*:*:*:*",
              "matchCriteriaId": "A932E99F-E0FF-4037-8EE9-822F6626F09A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_client:6.0:u1b:*:*:*:*:*:*",
              "matchCriteriaId": "C1AD54EC-6EBE-4DBB-9A6D-ED58A15CD481",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "VMware vSphere Client 5.5 en versiones anteriores a U3e y 6.0 en versiones anteriores a U2a permite a vCenter Server remoto e instancias ESXi leer archivos arbitrarios a trav\u00e9s de un documento XML que contiene una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad, relacionado con un problema XML External Entity (XXE)."
    }
  ],
  "id": "CVE-2016-7458",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-29T09:59:00.603",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94483"
    },
    {
      "source": "security@vmware.com",
      "url": "http://www.securitytracker.com/id/1037328"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-11695

Vulnerability from cnvd - Published: 2016-12-01

Title

VMware vSphere Client XML外部实体信息泄露漏洞

Description

VMware vSphere是美国威睿（VMware）公司的一套用于构建云计算基础架构的虚拟化平台，该平台将应用程序和操作系统从底层硬件分离出来，从而简化了IT操作。VMware vSphere Client是VMware vSphere的一个客户端软件。 VMware vSphere Client 6.0和5.5版本中存在XML外部实体信息泄露漏洞，攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

VMware vSphere Client XML外部实体信息泄露漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://www.vmware.com/security/advisories/VMSA-2016-0022.html

Reference

http://www.securityfocus.com/bid/94483

Impacted products

Name
['VMWare vSphere Client 6.0', 'VMWare vSphere Client 5.5']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94483"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7458"
    }
  },
  "description": "VMware vSphere\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u6784\u5efa\u4e91\u8ba1\u7b97\u57fa\u7840\u67b6\u6784\u7684\u865a\u62df\u5316\u5e73\u53f0\uff0c\u8be5\u5e73\u53f0\u5c06\u5e94\u7528\u7a0b\u5e8f\u548c\u64cd\u4f5c\u7cfb\u7edf\u4ece\u5e95\u5c42\u786c\u4ef6\u5206\u79bb\u51fa\u6765\uff0c\u4ece\u800c\u7b80\u5316\u4e86IT\u64cd\u4f5c\u3002VMware vSphere Client\u662fVMware vSphere\u7684\u4e00\u4e2a\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002 \r\n\r\nVMware vSphere Client 6.0\u548c5.5\u7248\u672c\u4e2d\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Vladimir Ivanov, Andrey Evlanin, Mikhail Stepankin, Artem Kondratenko, and Arseniy Sharoglazov of Positive Technologies",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.vmware.com/security/advisories/VMSA-2016-0022.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11695",
  "openTime": "2016-12-01",
  "patchDescription": "VMware vSphere\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u6784\u5efa\u4e91\u8ba1\u7b97\u57fa\u7840\u67b6\u6784\u7684\u865a\u62df\u5316\u5e73\u53f0\uff0c\u8be5\u5e73\u53f0\u5c06\u5e94\u7528\u7a0b\u5e8f\u548c\u64cd\u4f5c\u7cfb\u7edf\u4ece\u5e95\u5c42\u786c\u4ef6\u5206\u79bb\u51fa\u6765\uff0c\u4ece\u800c\u7b80\u5316\u4e86IT\u64cd\u4f5c\u3002VMware vSphere Client\u662fVMware vSphere\u7684\u4e00\u4e2a\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002 \r\n\r\nVMware vSphere Client 6.0\u548c5.5\u7248\u672c\u4e2d\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware vSphere Client XML\u5916\u90e8\u5b9e\u4f53\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMWare vSphere Client 6.0",
      "VMWare vSphere Client 5.5"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/94483",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-29",
  "title": "VMware vSphere Client XML\u5916\u90e8\u5b9e\u4f53\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-7458 (GCVE-0-2016-7458)

GHSA-5278-X3FC-5HX6

CERTFR-2016-AVI-388

Solution

CERTFR-2016-AVI-388

Solution

GSD-2016-7458

FKIE_CVE-2016-7458

CNVD-2016-11695

Tags

Sightings

Nomenclature