6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
a. Updated ESX Service Console package libxml2A denial of service flaw was found in the way libxml2 processescertain content. If an application that is linked againstlibxml2 processes malformed XML content, the XML content mightcause the application to stop responding.The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2008-3281 to this issue.Additionally the following was also fixed, but was missing in thesecurity advisory.A heap-based buffer overflow flaw was found in the way libxml2handled long XML entity names. If an application linked againstlibxml2 processed untrusted malformed XML content, it could causethe application to crash or, possibly, execute arbitrary code.The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2008-3529 to this issue.The following table lists what action remediates the vulnerability(column 4) if a solution is available.
CPE | Name | Operator | Version |
---|---|---|---|
esx | lt | ESX350-200811405-SG | |
esx | lt | ESX303-200810503-SG | |
esx | lt | ESX-1006968 |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%