CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-7462

HIGH
8.5
CVSS Severity Score
EPSS Score0.0180%
EPSS Percentile5.95th
Published2016年12月29日
Last Modified2026年5月6日

Vulnerability Description

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.

Affected Platforms (CPE)

📦
Vmware

Vrealize Operations

= 6.0.0
📦
Vmware

Vrealize Operations

= 6.1.0
📦
Vmware

Vrealize Operations

= 6.2.0a
📦
Vmware

Vrealize Operations

= 6.2.1
📦
Vmware

Vrealize Operations

= 6.3.0

References & Advisories

🔗 http://www.securityfocus.com/bid/94351
🔗 http://www.securitytracker.com/id/1037297
🔗 http://www.vmware.com/security/advisories/VMSA-2016-0020.html
🔗 https://www.tenable.com/security/research/tra-2016-34
🔗 http://www.securityfocus.com/bid/94351
🔗 http://www.securitytracker.com/id/1037297
🔗 http://www.vmware.com/security/advisories/VMSA-2016-0020.html
🔗 https://www.tenable.com/security/research/tra-2016-34

相关漏洞威胁

CVE-2016-745710.0

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove v...

CVE-2020-39439.8

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not secure...

CVE-2020-39448.6

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration ...

CVE-2020-39457.5

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnera...