CVE-2016-7458XML External Entity (XXE) Injection in Vmware Vsphere Client

CWE-611XML External Entity (XXE) Injection4 documents4 sources
Severity
5.8MEDIUMNVD
EPSS
0.4%
top 36.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Vsphere Client
Timeline
PublishedDec 29
Latest updateMay 17

Description

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDvmware/vsphere_client5.5, 6.0+1

🔴Vulnerability Details

2
GHSA
GHSA-5278-x3fc-5hx6: VMware vSphere Client 52022-05-17
CVEList
CVE-2016-7458: VMware vSphere Client 52016-12-29

💬Community

1
Bugzilla
CVE-2013-7458 redis: world-readable ~/.rediscli_history2016-08-03
CVE-2016-7458 — XML External Entity (XXE) Injection | cvebase