CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-7458

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.5%

CVSS Severity

CVSS v3 Score 5.8

CVSS v2 Score 5.0

References

http://www.securityfocus.com/bid/94483
http://www.securitytracker.com/id/1037328
http://www.vmware.com/security/advisories/VMSA-2016-0022.html
http://www.securityfocus.com/bid/94483
http://www.securitytracker.com/id/1037328
http://www.vmware.com/security/advisories/VMSA-2016-0022.html

Products affected by CVE-2016-7458

Vmware » Vsphere Client » Version: 5.5

cpe:2.3:a:vmware:vsphere_client:5.5
Vmware » Vsphere Client » Version: 6.0

cpe:2.3:a:vmware:vsphere_client:6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-7458

Products

Pricing

Contact Us