CVE-2016-7460 in vCenter Serverinfo

Summary

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

09/09/2016

Disclosure

12/29/2016

Moderation

VulDB entry created

Entries

2: VDB-93795

CPE

ready

CWE

CWE-611 (Confirmed)

CVSS

9.1

EPSS

0.02008

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-7460
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7460
CVE Details	https://www.cvedetails.com/cve/CVE-2016-7460/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!