CVE-2016-7462

Sažetak

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.

Reference

http://www.securityfocus.com/bid/94351
http://www.securitytracker.com/id/1037297
http://www.vmware.com/security/advisories/VMSA-2016-0020.html
https://www.tenable.com/security/research/tra-2016-34

CVSS

Base:	7.5
Impact:	7.8
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:C

Zadnje važnije ažuriranje

28-07-2017 - 01:29

Objavljeno

29-12-2016 - 09:59