Back to CVE Browser

CVE-2016-7462

HIGH

8.5

CVSS Severity Score

EPSS Score0.0180%

EPSS Percentile5.95th

PublishedDec 29, 2016

Last ModifiedMay 6, 2026

Vulnerability Description

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.

Affected Platforms (CPE)

📦

Vmware

Vrealize Operations

= 6.0.0

📦

Vmware

Vrealize Operations

= 6.1.0

📦

Vmware

Vrealize Operations

= 6.2.0a

📦

Vmware

Vrealize Operations

= 6.2.1

📦

Vmware

Vrealize Operations

= 6.3.0

References & Advisories

🔗 http://www.securityfocus.com/bid/94351

🔗 http://www.securitytracker.com/id/1037297

🔗 http://www.vmware.com/security/advisories/VMSA-2016-0020.html

🔗 https://www.tenable.com/security/research/tra-2016-34

🔗 http://www.securityfocus.com/bid/94351

🔗 http://www.securitytracker.com/id/1037297

🔗 http://www.vmware.com/security/advisories/VMSA-2016-0020.html

🔗 https://www.tenable.com/security/research/tra-2016-34

Related Vulnerabilities

CVE-2016-745710.0

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove v...

CVE-2020-39439.8

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not secure...

CVE-2020-39448.6

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration ...

CVE-2020-39457.5

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnera...