CVE-2016-7458

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
vmwarevsphere_client
5.5
vmwarevsphere_client
5.5:u1
vmwarevsphere_client
5.5:u2
vmwarevsphere_client
5.5:u3a
vmwarevsphere_client
5.5:u3b
vmwarevsphere_client
6.0
vmwarevsphere_client
6.0:2
vmwarevsphere_client
6.0:2m
vmwarevsphere_client
6.0:a
vmwarevsphere_client
6.0:b
vmwarevsphere_client
6.0:u1
vmwarevsphere_client
6.0:u1b
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94483
http://www.securitytracker.com/id/1037328
http://www.vmware.com/security/advisories/VMSA-2016-0022.html
http://www.securityfocus.com/bid/94483
http://www.securitytracker.com/id/1037328
http://www.vmware.com/security/advisories/VMSA-2016-0022.html