CVE-2016-7458

Published on: 12/29/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:06 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Certain versions of vSphere Client from VMware contain the following vulnerability:

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2016-7458 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.8 - MEDIUM

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS2 Score: 5 - MEDIUM

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

CVE References

  • VMware vSphere Client XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker. Link: www.securitytracker.com (SECTRACK 1037328)
  • VMSA-2016-0022. Tags: Vendor Advisory. Link: www.vmware.com/security/advisories/VMSA-2016-0022.html (CONFIRM)
  • VMware vSphere Client CVE-2016-7458 XML External Entity Information Disclosure Vulnerability. Tags: Third Party Advisory, VDB Entry. Link: cve.report (archive) (BID 94483)

Known Affected Configurations (CPE V2.3)

Type         Vendor  Product         Version  Update  Edition  Language
Application  Vmware  Vsphere Client  5.5      All     All      All
Application  Vmware  Vsphere Client  5.5      u1      All      All
Application  Vmware  Vsphere Client  5.5      u2      All      All
Application  Vmware  Vsphere Client  5.5      u3a     All      All
Application  Vmware  Vsphere Client  5.5      u3b     All      All
Application  Vmware  Vsphere Client  6.0      All     All      All
Application  Vmware  Vsphere Client  6.0      2       All      All
Application  Vmware  Vsphere Client  6.0      2m      All      All
Application  Vmware  Vsphere Client  6.0      a       All      All
Application  Vmware  Vsphere Client  6.0      b       All      All
Application  Vmware  Vsphere Client  6.0      u1      All      All
Application  Vmware  Vsphere Client  6.0      u1b     All      All
  • cpe:2.3:a:vmware:vsphere_client:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_client:5.5:u1:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_client:5.5:u2:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_client:5.5:u3a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_client:5.5:u3b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_client:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_client:6.0:2:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_client:6.0:2m:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_client:6.0:a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_client:6.0:b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_client:6.0:u1:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vsphere_client:6.0:u1b:*:*:*:*:*:*