PT-2016-7344 · Vmware · Vmware Vrealize Operations

Published

2016-12-29

Updated

2017-07-28

CVE-2016-7462

CVSS v3.1

8.5

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions VMware vRealize Operations versions prior to 6.4.0

Description The issue allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization. This occurs in the Suite REST API.

Recommendations For versions prior to 6.4.0, update to version 6.4.0 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-749CWE-264

Related Identifiers

CVE-2016-7462

Affected Products

Vmware Vrealize Operations

PT-2016-7344 · Vmware · Vmware Vrealize Operations

CVE-2016-7462

Weakness Enumeration

Related Identifiers

Affected Products

References · 6