PT-2015-3312 · VMware · VMware vSphere Client (+3)

Andrey Evlanin (+4)

Published: 2015-10-23 · Updated: 2017-07-28

CVE-2016-7458

CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
VMware vSphere Client versions 5.5 before U3e
VMware vSphere Client versions 6.0 before U2a
Description
The issue is an XML External Entity (XXE) problem: an XML document that contains an external entity declaration together with a reference to that entity can be used to read arbitrary files on the client. The root cause is improper restriction of XML external entity references. Exploitation may allow a remote attacker to access confidential information by convincing a user to connect the vSphere Client to a malicious vCenter or ESXi server.
Recommendations
For versions 5.5 before U3e, update to U3e or later to resolve the issue. For versions 6.0 before U2a, update to U2a or later to resolve the issue. As a temporary workaround, consider restricting access to the vCenter and ESXi servers to minimize the risk of exploitation.
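The entity mechanism described above, as an added example that is not part of this advisory or of VMware's code: a stdlib-only Python guard that refuses any document carrying a DOCTYPE or entity declaration before the body is handed to the application, which is the parser-side mitigation a client should apply to XML received from a server it cannot fully trust. The sample documents, the element names and the `file:///PLACEHOLDER/path` URI are constructed.

```python
import xml.parsers.expat
from xml.etree import ElementTree as ET


class UnsafeXMLError(ValueError):
    """Raised when a document uses XML features the client must not honour."""


def check_no_dtd(data: bytes) -> None:
    """Scan data with expat and raise at the first DOCTYPE or entity
    declaration, i.e. before any external resource could be referenced."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE declaration not accepted (root: {name})")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXMLError(f"entity declaration not accepted: {name}")

    def on_external_ref(context, base, sysid, pubid):
        # Returning 0 makes expat abort rather than fetch the resource.
        return 0

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        # Undefined entity references and other syntax errors land here.
        raise UnsafeXMLError(f"malformed XML: {exc}") from exc


def is_safe_xml(data: bytes) -> bool:
    try:
        check_no_dtd(data)
    except UnsafeXMLError:
        return False
    return True


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse server-supplied XML only after the DTD guard has passed."""
    check_no_dtd(data)
    return ET.fromstring(data)


# Constructed samples; not real vCenter/ESXi responses.
BENIGN_DOC = b'<?xml version="1.0"?><host><name>esx01</name></host>'
XXE_DOC = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE host [<!ENTITY ext SYSTEM "file:///PLACEHOLDER/path">]>'
           b'<host><name>&ext;</name></host>')
```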

Fix

XXE


Weakness Enumeration

Related Identifiers

BDU:2017-02205
CVE-2016-7458

Affected Products

ESXi
VMware vCenter
VMware vSphere Client
vCenter