7.5

CVE-2017-4952

VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1, 1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.

Data is provided by the National Vulnerability Database (NVD)
VMware Xenon Version >= 1.0.0 <= 1.5.3
VMware Xenon Version 1.1.0 Update cr0-3
VMware Xenon Version 1.1.0 Update cr3_1
VMware Xenon Version 1.3.7 Update cr1_2
VMware Xenon Version 1.4.2 Update cr4_1
VMware Xenon Version 1.5.4 Update cr2
VMware Xenon Version 1.5.4 Update cr3
VMware Xenon Version 1.5.4 Update cr4
VMware Xenon Version 1.5.4 Update cr5
VMware Xenon Version 1.5.4 Update cr6
VMware Xenon Version 1.5.4 Update cr6_1
VMware Xenon Version 1.5.4 Update cr6_2
VMware Xenon Version 1.5.4 Update cr7
VMware Xenon Version 1.5.4_8
VMware Xenon Version 1.5.7_7
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.96% | 0.745 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.