Lucene search

[email protected]NVD:CVE-2017-4940

HistoryDec 20, 2017 - 3:29 p.m.

CVE-2017-4940

2017-12-2015:29:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.7%

JSON

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.

Affected configurations

NVD

Node

vmwareesxiMatch5.5-

vmwareesxiMatch5.51

vmwareesxiMatch5.52

vmwareesxiMatch5.53a

vmwareesxiMatch5.53b

vmwareesxiMatch5.5550-20170901001s

vmwareesxiMatch6.0-

vmwareesxiMatch6.01

vmwareesxiMatch6.01a

vmwareesxiMatch6.01b

vmwareesxiMatch6.02

vmwareesxiMatch6.03

vmwareesxiMatch6.03a

vmwareesxiMatch6.0600-201504401

vmwareesxiMatch6.0600-201505401

vmwareesxiMatch6.0600-201507101

vmwareesxiMatch6.0600-201507102

vmwareesxiMatch6.0600-201507401

vmwareesxiMatch6.0600-201507402

vmwareesxiMatch6.0600-201507403

vmwareesxiMatch6.0600-201507404

vmwareesxiMatch6.0600-201507405

vmwareesxiMatch6.0600-201507406

vmwareesxiMatch6.0600-201507407

vmwareesxiMatch6.0600-201509101

vmwareesxiMatch6.0600-201509102

vmwareesxiMatch6.0600-201509201

vmwareesxiMatch6.0600-201509202

vmwareesxiMatch6.0600-201509203

vmwareesxiMatch6.0600-201509204

vmwareesxiMatch6.0600-201509205

vmwareesxiMatch6.0600-201509206

vmwareesxiMatch6.0600-201509207

vmwareesxiMatch6.0600-201509208

vmwareesxiMatch6.0600-201509209

vmwareesxiMatch6.0600-201509210

vmwareesxiMatch6.0600-201510401

vmwareesxiMatch6.0600-201511401

vmwareesxiMatch6.0600-201601101

vmwareesxiMatch6.0600-201601102

vmwareesxiMatch6.0600-201601401

vmwareesxiMatch6.0600-201601402

vmwareesxiMatch6.0600-201601403

vmwareesxiMatch6.0600-201601404

vmwareesxiMatch6.0600-201601405

vmwareesxiMatch6.0600-201602401

vmwareesxiMatch6.0600-201603101

vmwareesxiMatch6.0600-201603102

vmwareesxiMatch6.0600-201603201

vmwareesxiMatch6.0600-201603202

vmwareesxiMatch6.0600-201603203

vmwareesxiMatch6.0600-201603204

vmwareesxiMatch6.0600-201603205

vmwareesxiMatch6.0600-201603206

vmwareesxiMatch6.0600-201603207

vmwareesxiMatch6.0600-201603208

vmwareesxiMatch6.0600-201605401

vmwareesxiMatch6.0600-201608101

vmwareesxiMatch6.0600-201608401

vmwareesxiMatch6.0600-201608402

vmwareesxiMatch6.0600-201608403

vmwareesxiMatch6.0600-201608404

vmwareesxiMatch6.0600-201608405

vmwareesxiMatch6.0600-201610410

vmwareesxiMatch6.0600-201611401

vmwareesxiMatch6.0600-201611402

vmwareesxiMatch6.0600-201611403

vmwareesxiMatch6.0600-201702101

vmwareesxiMatch6.0600-201702102

vmwareesxiMatch6.0600-201702201

vmwareesxiMatch6.0600-201702202

vmwareesxiMatch6.0600-201702203

vmwareesxiMatch6.0600-201702204

vmwareesxiMatch6.0600-201702205

vmwareesxiMatch6.0600-201702206

vmwareesxiMatch6.0600-201702207

vmwareesxiMatch6.0600-201702208

vmwareesxiMatch6.0600-201702209

vmwareesxiMatch6.0600-201702210

vmwareesxiMatch6.0600-201702211

vmwareesxiMatch6.0600-201702212

vmwareesxiMatch6.0600-201703401

vmwareesxiMatch6.0600-201706101

vmwareesxiMatch6.0600-201706102

vmwareesxiMatch6.0600-201706103

vmwareesxiMatch6.0600-201706401

vmwareesxiMatch6.0600-201706402

vmwareesxiMatch6.0600-201706403

vmwareesxiMatch6.0600-201710301

vmwareesxiMatch6.5-

vmwareesxiMatch6.5650-201701001

vmwareesxiMatch6.5650-201703001

vmwareesxiMatch6.5650-201703002

vmwareesxiMatch6.5650-201704001

vmwareesxiMatch6.5650-201707101

vmwareesxiMatch6.5650-201707102

vmwareesxiMatch6.5650-201707103

vmwareesxiMatch6.5650-201707201

vmwareesxiMatch6.5650-201707202

vmwareesxiMatch6.5650-201707203

vmwareesxiMatch6.5650-201707204

vmwareesxiMatch6.5650-201707205

vmwareesxiMatch6.5650-201707206

vmwareesxiMatch6.5650-201707207

vmwareesxiMatch6.5650-201707208

vmwareesxiMatch6.5650-201707209

vmwareesxiMatch6.5650-201707210

vmwareesxiMatch6.5650-201707211

vmwareesxiMatch6.5650-201707212

vmwareesxiMatch6.5650-201707213

vmwareesxiMatch6.5650-201707214

vmwareesxiMatch6.5650-201707215

vmwareesxiMatch6.5650-201707216

vmwareesxiMatch6.5650-201707217

vmwareesxiMatch6.5650-201707218

vmwareesxiMatch6.5650-201707219

vmwareesxiMatch6.5650-201707220

vmwareesxiMatch6.5650-201707221

vmwareesxiMatch6.5650-201710001

vmwareesxiMatch6.5650-201712001

References

www.securitytracker.com/id/1040024

www.vmware.com/security/advisories/VMSA-2017-0021.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.7%

JSON

Related for NVD:CVE-2017-4940

cve1 cvelist1 prion1 vmware1 nessus2 kaspersky1