VDB-92552 · CVE-2016-7457 · BID 93499

VMware vRealize Operations Address Updater access control

A vulnerability was found in VMware vRealize Operations (affected version not known) and classified as very critical. Affected by this issue is an unknown code block of the component Address Updater. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field10/12/2016 10:20 AM05/07/2019 05:10 PM09/22/2022 07:31 PM
vendorVMwareVMwareVMware
namevRealize OperationsvRealize OperationsvRealize Operations
componentAddress UpdaterAddress UpdaterAddress Updater
cwe264 (access control)264 (access control)264 (access control)
risk222
cvss2_vuldb_basescore6.56.56.5
cvss2_vuldb_tempscore5.75.75.7
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auSSS
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acLLL
cvss2_nvd_auSSS
cvss2_nvd_ciPPP
cvss2_nvd_iiPPP
cvss2_nvd_aiCCC
cvss3_meta_basescore10.010.010.0
cvss3_meta_tempscore9.59.59.7
cvss3_vuldb_basescore10.010.010.0
cvss3_vuldb_tempscore9.59.59.5
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiNNN
cvss3_nvd_sCCC
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1476144000 (10/11/2016)1476144000 (10/11/2016)1476144000 (10/11/2016)
locationFull-DisclosureFull-DisclosureFull-Disclosure
typeMailinglist PostMailinglist PostMailinglist Post
urlhttp://seclists.org/fulldisclosure/2016/Oct/59http://seclists.org/fulldisclosure/2016/Oct/59http://seclists.org/fulldisclosure/2016/Oct/59
confirm_urlhttps://kb.vmware.com/kb/2147215https://kb.vmware.com/kb/2147215https://kb.vmware.com/kb/2147215
disputed000
price_0day$25k-$100k$25k-$100k$25k-$100k
namePatchPatchPatch
date1476144000 (10/11/2016)1476144000 (10/11/2016)1476144000 (10/11/2016)
cveCVE-2016-7457CVE-2016-7457CVE-2016-7457
cve_nvd_published148296960014829696001482969600
cve_nvd_summaryVMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.
securityfocus934999349993499
securityfocus_titleVMware vRealize Operations CVE-2016-7457 Unspecified Remote Privilege Escalation VulnerabilityVMware vRealize Operations CVE-2016-7457 Unspecified Remote Privilege Escalation VulnerabilityVMware vRealize Operations CVE-2016-7457 Unspecified Remote Privilege Escalation Vulnerability
openvas_id861066861066861066
openvas_filenamegb_vmware_vrealize_operations_manager_VMSA-2016-0016.naslgb_vmware_vrealize_operations_manager_VMSA-2016-0016.naslgb_vmware_vrealize_operations_manager_VMSA-2016-0016.nasl
openvas_titleVMSA-2016-0016: vRealize Operations (vROps) Privilege Escalation VulnerabilityVMSA-2016-0016: vRealize Operations (vROps) Privilege Escalation VulnerabilityVMSA-2016-0016: vRealize Operations (vROps) Privilege Escalation Vulnerability
openvas_familyVMware Local Security ChecksVMware Local Security ChecksVMware Local Security Checks
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
cvss3_nvd_basescore10.010.010.0
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sCC
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cve_assigned1473379200 (09/09/2016)1473379200 (09/09/2016)
securityfocus_date1476144000 (10/11/2016)1476144000 (10/11/2016)
securityfocus_classUnknownUnknown
sectracker1036999
cvss2_nvd_basescore8.0

Do you want to use VulDB in your project?

Use the official API to access entries easily!