CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
84.7%
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vendor | Product | Version | CPE |
---|---|---|---|
vmware | vrealize_automation | 6.0.0 | cpe:2.3:a:vmware:vrealize_automation:6.0.0:*:*:*:*:*:*:* |
vmware | vrealize_automation | 6.0.1 | cpe:2.3:a:vmware:vrealize_automation:6.0.1:*:*:*:*:*:*:* |
vmware | vrealize_automation | 6.0.1.1 | cpe:2.3:a:vmware:vrealize_automation:6.0.1.1:*:*:*:*:*:*:* |
vmware | vrealize_automation | 6.0.1.2 | cpe:2.3:a:vmware:vrealize_automation:6.0.1.2:*:*:*:*:*:*:* |
vmware | vrealize_automation | 6.1.0 | cpe:2.3:a:vmware:vrealize_automation:6.1.0:*:*:*:*:*:*:* |
vmware | vrealize_automation | 6.1.1 | cpe:2.3:a:vmware:vrealize_automation:6.1.1:*:*:*:*:*:*:* |
vmware | vrealize_automation | 6.2.0 | cpe:2.3:a:vmware:vrealize_automation:6.2.0:*:*:*:*:*:*:* |
vmware | vrealize_automation | 6.2.1 | cpe:2.3:a:vmware:vrealize_automation:6.2.1:*:*:*:*:*:*:* |
vmware | vrealize_automation | 6.2.2 | cpe:2.3:a:vmware:vrealize_automation:6.2.2:*:*:*:*:*:*:* |
vmware | vrealize_automation | 6.2.3 | cpe:2.3:a:vmware:vrealize_automation:6.2.3:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
84.7%