CVE-2017-4952

HIGH

VMware Xenon <1.5.4-1.5.7 - Auth Bypass

Title source: llm

Description

VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1, 1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.

References (11)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103093
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2018/q1/153

Scores

CVSS v3 7.5
EPSS 0.0192
EPSS Percentile 83.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-732
Status published
Products (7)
vmware/xenon 1.1.0 cr0-3 (2 CPE variants)
vmware/xenon 1.3.7 cr1_2
vmware/xenon 1.4.2 cr4_1
vmware/xenon 1.5.4 cr2 (8 CPE variants)
vmware/xenon 1.5.4_8
vmware/xenon 1.5.7_7
vmware/xenon 1.0.0 - 1.5.3
Published May 02, 2018
Tracked Since Feb 18, 2026