CVE-2016-7458
MEDIUMVMware vSphere Client 5.5-6.0 - XML External Entity Injection via External Entity Declaration
Title source: llmDescription
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2016-0022.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94483
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037328
Scores
CVSS v3
5.8
EPSS
0.0045
EPSS Percentile
63.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (2)
vmware/vsphere_client
5.5 (5 CPE variants)
vmware/vsphere_client
6.0 (7 CPE variants)
Published
Dec 29, 2016
Tracked Since
Feb 18, 2026