CVE-2016-7462 Information
Feb 14, 2021
cve
Description
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
Reference
http://www.securityfocus.com/bid/94351 http://www.securitytracker.com/id/1037297 http://www.vmware.com/security/advisories/VMSA-2016-0020.html https://www.tenable.com/security/research/tra-2016-34
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
CHANGED
Integrity Impact
NONE
Availability Impact
LOW
Base Score
HIGH
Base Severity
8.5
Share on: