CVE-2016-7459

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions 5.5 before U3e and 6.0 before U2a

Description The issue is related to an XML External Entity (XXE) problem, where there is an incorrect restriction of XML links to external objects. This can be exploited by a remote attacker to gain access to confidential information by sending a specially crafted XML request to the server. The exploitation is possible through the Log Browser, Distributed Switch setup, or Content Library XML document.

Recommendations For versions 5.5 before U3e, update to U3e or later to resolve the issue. For versions 6.0 before U2a, update to U2a or later to resolve the issue. As a temporary workaround, consider restricting access to the Log Browser, Distributed Switch setup, and Content Library XML documents to minimize the risk of exploitation.