CVE-2016-7457

CRITICAL

VMware vRealize Operations 6.x - Authenticated Privilege Escalation and Virtual Machine Manipulation

Title source: llm

Description

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2016-0016.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036999

Vendor Advisory x_refsource_confirm

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/93499

Scores

CVSS v3 10.0

EPSS 0.0151

EPSS Percentile 81.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (5)

vmware/vrealize_operations 6.0.0

vmware/vrealize_operations 6.1.0

vmware/vrealize_operations 6.2.0a

vmware/vrealize_operations 6.2.1

vmware/vrealize_operations 6.3.0

Published Dec 29, 2016

Tracked Since Feb 18, 2026