CVE-2017-4952

Опубликовано: 02 мая 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.

Ссылки

http://seclists.org/oss-sec/2018/q1/153
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/103093
Third Party Advisory
VDB Entry
https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3
Patch
Third Party Advisory
http://seclists.org/oss-sec/2018/q1/153
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/103093
Third Party Advisory
VDB Entry
https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75
Patch
Third Party Advisory
https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:xenon:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 1.5.3 (включая)

cpe:2.3:a:vmware:xenon:1.1.0:cr0-3:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.1.0:cr3_1:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.3.7:cr1_2:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.4.2:cr4_1:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.5.4:cr2:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.5.4:cr3:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.5.4:cr4:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.5.4:cr5:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.5.4:cr6:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.5.4:cr6_1:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.5.4:cr6_2:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.5.4:cr7:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.5.4_8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:xenon:1.5.7_7:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01924

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-rmq6-x837-659x