Executive Summary
Summary | |
---|---|
Title | VMware product updates address information disclosure vulnerabilities |
Information | |||
---|---|---|---|
Name | VMSA-2016-0022 | First vendor Publication | 2016-11-22 |
Vendor | VMware | Last vendor Modification | 2016-11-22 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.4 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
a. vSphere Client XML External Entity vulnerability

The vSphere Client contains an XML External Entity (XXE) vulnerability. This issue can lead to information disclosure if a vSphere Client user is tricked into connecting to a malicious instance of vCenter Server or ESXi. There are no known workarounds for this issue.

VMware would like to thank Vladimir Ivanov, Andrey Evlanin, Mikhail Stepankin, Artem Kondratenko, Arseniy Sharoglazov of Positive Technologies for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-7458 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2016-0022.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-611 | Information Leak Through XML External Entity File Disclosure |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-12-09 | Name : The remote host has a virtualization client application installed that is aff... File : vsphere_client_vmsa_2016-0022.nasl - Type : ACT_GATHER_INFO |
2016-12-02 | Name : A virtualization management application installed on the remote host is affec... File : vmware_vcenter_vmsa-2016-0022.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2016-12-30 00:24:35 | |
2016-12-29 21:25:16 | |
2016-12-29 13:22:01 | |
2016-12-10 13:24:59 | |
2016-12-03 13:23:06 | |
2016-11-22 21:21:19 | |