Executive Summary

Summary
Title : VMware product updates address information disclosure vulnerabilities
Information
Name : VMSA-2016-0022 - First vendor Publication : 2016-11-22
Vendor : VMware - Last vendor Modification : 2016-11-22
Severity (Vendor) : N/A - Revision : N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Cvss Base Score : 6.4 - Attack Range : Network
Cvss Impact Score : 4.9 - Attack Complexity : Low
Cvss Exploit Score : 10 - Authentication : None Required

Detail

a. vSphere Client XML External Entity vulnerability
 The vSphere Client contains an XML External Entity (XXE) vulnerability. This issue can lead to information disclosure if a vSphere Client user is tricked into connecting to a malicious instance of vCenter Server or ESXi.

There are no known workarounds for this issue.

VMware would like to thank Vladimir Ivanov, Andrey Evlanin, Mikhail Stepankin, Artem Kondratenko, Arseniy Sharoglazov of Positive Technologies for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-7458 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2016-0022.html

CWE : Common Weakness Enumeration

% - id - Name
100 % - CWE-611 - Information Leak Through XML External Entity File Disclosure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application13
Application11
Application12

Nessus® Vulnerability Scanner

Date - Description
2016-12-09 - Name : The remote host has a virtualization client application installed that is aff...
File : vsphere_client_vmsa_2016-0022.nasl - Type : ACT_GATHER_INFO
2016-12-02 - Name : A virtualization management application installed on the remote host is affec...
File : vmware_vcenter_vmsa-2016-0022.nasl - Type : ACT_GATHER_INFO

Alert History

Date - Information
2016-12-30 00:24:35
  • Multiple Updates
2016-12-29 21:25:16
  • Multiple Updates
2016-12-29 13:22:01
  • Multiple Updates
2016-12-10 13:24:59
  • Multiple Updates
2016-12-03 13:23:06
  • Multiple Updates
2016-11-22 21:21:19
  • First insertion