ID CVE-2016-7458
Summary VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
Vulnerable Configurations
  • VMware vSphere Client 5.5 Update 1
    cpe:2.3:a:vmware:vsphere_client:5.5:u1
  • VMware vSphere Client 5.5 Update 2
    cpe:2.3:a:vmware:vsphere_client:5.5:u2
  • VMware vSphere Client 5.5 Update 3a
    cpe:2.3:a:vmware:vsphere_client:5.5:u3a
  • VMware vSphere Client 5.5 Update 3b
    cpe:2.3:a:vmware:vsphere_client:5.5:u3b
  • VMware vSphere Client 6.0 a
    cpe:2.3:a:vmware:vsphere_client:6.0:a
  • VMware vSphere Client 6.0 b
    cpe:2.3:a:vmware:vsphere_client:6.0:b
  • VMware vSphere Client 6.0 Update 1
    cpe:2.3:a:vmware:vsphere_client:6.0:u1
  • VMware vSphere Client 6.0 Update 1b
    cpe:2.3:a:vmware:vsphere_client:6.0:u1b
  • VMware vSphere Client 6.0 2
    cpe:2.3:a:vmware:vsphere_client:6.0:2
  • VMware vSphere Client 6.0 2m
    cpe:2.3:a:vmware:vsphere_client:6.0:2m
  • VMware vSphere Client 6.0
    cpe:2.3:a:vmware:vsphere_client:6.0
  • VMware vSphere Client 5.5
    cpe:2.3:a:vmware:vsphere_client:5.5
CVSS
Base: 5.0 (as of 02-01-2017 - 12:00)
Impact:
Exploitability:
CWE CWE-611
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family Windows
NASL id VSPHERE_CLIENT_VMSA_2016-0022.NASL
description The version of vSphere Client installed on the remote Windows host is affected by an information disclosure vulnerability due to an incorrectly configured XML parser accepting XML external entities (XXE) from an untrusted source. An unauthenticated, remote attacker can exploit this issue to disclose arbitrary files by convincing a user to connect to a malicious instance of a vCenter Server or ESXi host containing specially crafted XML data.
last seen 2019-02-21
modified 2018-08-06
plugin id 95657
published 2016-12-09
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=95657
title VMware vSphere Client XXE Injection Information Disclosure (VMSA-2016-0022)
refmap via4
bid 94483
confirm http://www.vmware.com/security/advisories/VMSA-2016-0022.html
sectrack 1037328
vmware via4
description The vSphere Client contains an XML External Entity (XXE) vulnerability. This issue can lead to information disclosure if a vSphere Client user is tricked into connecting to a malicious instance of vCenter Server or ESXi.
finder
company Positive Technologies
name Vladimir Ivanov, Andrey Evlanin, Mikhail   Stepankin, Artem Kondratenko, Arseniy Sharoglazov
id VMSA-2016-0022
last_updated 2016-11-22T00:00:00
published 2016-11-22T00:00:00
title VMware product updates address information disclosure vulnerabilities
workaround None
Last major update 03-01-2017 - 13:21
Published 29-12-2016 - 04:59
Last modified 27-07-2017 - 21:29
Back to Top