Multiple VMware Products CVE-2016-7460 XML External Entity Injection Vulnerability

Bugtraq ID: 94485
Class: Design Error
CVE: CVE-2016-7460
Remote: Yes
Local: No
Published: Nov 22 2016 12:00AM
Updated: Nov 24 2016 01:15AM
Credit: Vladimir Ivanov, Andrey Evlanin, Mikhail Stepankin, Artem Kondratenko, and Arseniy Sharoglazov of Positive Technologies
Vulnerable: VMWare vRealize Automation 6.2.4
VMWare vRealize Automation 6.2.4.1
VMWare vRealize Automation 6.2
VMWare vRealize Automation 6.1
VMWare vRealize Automation 6.0
VMWare vCenter Server 6.0
VMWare vCenter Server 5.5
Not Vulnerable: VMWare vRealize Automation 6.2.5
VMWare vCenter Server 6.0 U2a
VMWare vCenter Server 5.5 U3e


 

Privacy Statement
Copyright 2010, SecurityFocus