CVE-2016-5334

Опубликовано: 29 дек. 2016

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

Ссылки

http://www.securityfocus.com/bid/94482
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037326
Broken Link
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2016-0021.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/94482
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037326
Broken Link
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2016-0021.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:identity_manager:*:*:*:*:*:*:*:*

Версия от 2.0 (включая) до 2.7.1 (исключая)

cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*

Версия от 7.0 (включая) до 7.2.0 (исключая)

EPSS

Процентиль: 46%

0.0023

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-668

Связанные уязвимости

GHSA-xgc4-84f6-p6xr