Описание
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.
Ссылки
- Vendor Advisory
- Technical DescriptionThird Party Advisory
- Vendor Advisory
- Technical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:vmware:vrealize_operations:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_operations:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_operations:6.2.0a:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_operations:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_operations:6.3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01674
Низкий
8.5 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
CVSS3: 8.5
github
больше 3 лет назад
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.
EPSS
Процентиль: 82%
0.01674
Низкий
8.5 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-264