{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-22T00:00:00", "descriptions": [{"lang": "en", "value": "VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-27T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"name": "94486", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94486"}, {"name": "1037329", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037329"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2016-7459", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "94486", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94486"}, {"name": "1037329", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037329"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:57:47.651Z"}, "title": "CVE Program Container", "references": [{"name": "94486", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94486"}, {"name": "1037329", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037329"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2016-7459", "datePublished": "2016-12-29T09:02:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.651Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "46C704E0-E165-4A44-A104-6C5B83A83237", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B12523A-5C1E-408F-BB4B-98EF32C7D676", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:*", "matchCriteriaId": "C06379AA-13C0-41FB-B63C-0C46D6DD0462", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:*", "matchCriteriaId": "8339BAB3-D6C9-426A-9C1D-9F2AB946BF96", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3a:*:*:*:*:*:*", "matchCriteriaId": "23D847E4-5869-476A-B85F-29D8D5FDB68D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3b:*:*:*:*:*:*", "matchCriteriaId": "5F8CC145-0D3F-4E42-BA46-403586EC608A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7499E57A-1F9C-45F0-93F8-F3FB7B0F990F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:1:*:*:*:*:*:*", "matchCriteriaId": "43BEE461-85B7-4C19-8FBA-4460186DC58A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:1b:*:*:*:*:*:*", "matchCriteriaId": "E8249B2E-251F-4ED9-836F-E5D4C90D4EA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:2:*:*:*:*:*:*", "matchCriteriaId": "ED78D4B1-5959-46F1-8DEE-7DE3BE38BAE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:2m:*:*:*:*:*:*", "matchCriteriaId": "6C722953-08D7-4763-84CB-144D40D99EAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*", "matchCriteriaId": "74EE8EE5-54F0-4359-898B-C57C5B2AE7C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*", "matchCriteriaId": "F83AAB8E-F129-4D1C-A4BC-4CC2C1777F5F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}, {"lang": "es", "value": "VMware vCenter Server 5.5 en versiones anteriores a U3e y 6.0 en versiones anteriores a U2a permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de un documento (1) Log Browser, (2) Distributed Switch setup, o (3) Content Library XML que contiene una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad, relacionado con un problema XML External Entity (XXE)."}], "id": "CVE-2016-7459", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-29T09:59:00.633", "references": [{"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94486"}, {"source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1037329"}, {"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037329"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}