CVE-2016-7459 - Vulnerability Details

Vendors	Products
Vmware	Vcenter Server

Link	Providers
http://www.securityfocus.com/bid/94486
http://www.securitytracker.com/id/1037329
http://www.vmware.com/security/advisories/VMSA-2016-0022.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-22T00:00:00", "descriptions": [{"lang": "en", "value": "VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-27T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"name": "94486", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94486"}, {"name": "1037329", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037329"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2016-7459", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "94486", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94486"}, {"name": "1037329", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037329"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:57:47.651Z"}, "title": "CVE Program Container", "references": [{"name": "94486", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94486"}, {"name": "1037329", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037329"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2016-7459", "datePublished": "2016-12-29T09:02:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.651Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-11-22T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-07-27T09:57:01 (string)

orgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

shortName : vmware (string)

}

references : [ »

0 : { »

name : 94486 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/94486 (string)

}

1 : { »

name : 1037329 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1037329 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2016-0022.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@vmware.com (string)

ID : CVE-2016-7459 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 94486 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/94486 (string)

}

1 : { »

name : 1037329 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1037329 (string)

}

2 : { »

name : http://www.vmware.com/security/advisories/VMSA-2016-0022.html (string)

refsource : CONFIRM (string)

url : http://www.vmware.com/security/advisories/VMSA-2016-0022.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T01:57:47.651Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 94486 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/94486 (string)

}

1 : { »

name : 1037329 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1037329 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2016-0022.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

assignerShortName : vmware (string)

cveId : CVE-2016-7459 (string)

datePublished : 2016-12-29T09:02:00 (string)

dateReserved : 2016-09-09T00:00:00 (string)

dateUpdated : 2024-08-06T01:57:47.651Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "46C704E0-E165-4A44-A104-6C5B83A83237", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B12523A-5C1E-408F-BB4B-98EF32C7D676", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:*", "matchCriteriaId": "C06379AA-13C0-41FB-B63C-0C46D6DD0462", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:*", "matchCriteriaId": "8339BAB3-D6C9-426A-9C1D-9F2AB946BF96", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3a:*:*:*:*:*:*", "matchCriteriaId": "23D847E4-5869-476A-B85F-29D8D5FDB68D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3b:*:*:*:*:*:*", "matchCriteriaId": "5F8CC145-0D3F-4E42-BA46-403586EC608A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7499E57A-1F9C-45F0-93F8-F3FB7B0F990F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:1:*:*:*:*:*:*", "matchCriteriaId": "43BEE461-85B7-4C19-8FBA-4460186DC58A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:1b:*:*:*:*:*:*", "matchCriteriaId": "E8249B2E-251F-4ED9-836F-E5D4C90D4EA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:2:*:*:*:*:*:*", "matchCriteriaId": "ED78D4B1-5959-46F1-8DEE-7DE3BE38BAE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:2m:*:*:*:*:*:*", "matchCriteriaId": "6C722953-08D7-4763-84CB-144D40D99EAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*", "matchCriteriaId": "74EE8EE5-54F0-4359-898B-C57C5B2AE7C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*", "matchCriteriaId": "F83AAB8E-F129-4D1C-A4BC-4CC2C1777F5F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}, {"lang": "es", "value": "VMware vCenter Server 5.5 en versiones anteriores a U3e y 6.0 en versiones anteriores a U2a permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de un documento (1) Log Browser, (2) Distributed Switch setup, o (3) Content Library XML que contiene una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad, relacionado con un problema XML External Entity (XXE)."}], "id": "CVE-2016-7459", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-29T09:59:00.633", "references": [{"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94486"}, {"source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1037329"}, {"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037329"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 46C704E0-E165-4A44-A104-6C5B83A83237 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 8B12523A-5C1E-408F-BB4B-98EF32C7D676 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:* (string)

matchCriteriaId : C06379AA-13C0-41FB-B63C-0C46D6DD0462 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:* (string)

matchCriteriaId : 8339BAB3-D6C9-426A-9C1D-9F2AB946BF96 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:5.5:3a:*:*:*:*:*:* (string)

matchCriteriaId : 23D847E4-5869-476A-B85F-29D8D5FDB68D (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:5.5:3b:*:*:*:*:*:* (string)

matchCriteriaId : 5F8CC145-0D3F-4E42-BA46-403586EC608A (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7499E57A-1F9C-45F0-93F8-F3FB7B0F990F (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:6.0:1:*:*:*:*:*:* (string)

matchCriteriaId : 43BEE461-85B7-4C19-8FBA-4460186DC58A (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:6.0:1b:*:*:*:*:*:* (string)

matchCriteriaId : E8249B2E-251F-4ED9-836F-E5D4C90D4EA6 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:6.0:2:*:*:*:*:*:* (string)

matchCriteriaId : ED78D4B1-5959-46F1-8DEE-7DE3BE38BAE3 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:6.0:2m:*:*:*:*:*:* (string)

matchCriteriaId : 6C722953-08D7-4763-84CB-144D40D99EAC (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:* (string)

matchCriteriaId : 74EE8EE5-54F0-4359-898B-C57C5B2AE7C4 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:* (string)

matchCriteriaId : F83AAB8E-F129-4D1C-A4BC-4CC2C1777F5F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. (string)

}

1 : { »

lang : es (string)

value : VMware vCenter Server 5.5 en versiones anteriores a U3e y 6.0 en versiones anteriores a U2a permite a usuarios remotos autenticados leer archivos arbitrarios a través de un documento (1) Log Browser, (2) Distributed Switch setup, o (3) Content Library XML que contiene una declaración de entidad externa en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE). (string)

}

]

id : CVE-2016-7459 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.7 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.1 (number)

impactScore : 4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-12-29T09:59:00.633 (string)

references : [ »

0 : { »

source : security@vmware.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/94486 (string)

}

1 : { »

source : security@vmware.com (string)

url : http://www.securitytracker.com/id/1037329 (string)

}

2 : { »

source : security@vmware.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2016-0022.html (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/94486 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1037329 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2016-0022.html (string)

}

]

sourceIdentifier : security@vmware.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-611 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object