Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vmwareVMwareVMSA-2016-0020
HistoryNov 15, 2016 - 12:00 a.m.

vRealize Operations update addresses REST API deserialization vulnerability

2016-11-1500:00:00
www.vmware.com
46

EPSS

0.002

Percentile

64.4%

JSON

a. vRealize Operations REST API deserialization vulnerability

vRealize Operations contains a deserialization vulnerability in its REST API implementation. This issue may result in a Denial of Service as it allows for writing of files with arbitrary content and moving existing files into certain folders. The name format of the destination files is predefined and their names cannot be chosen. Overwriting files is not feasible.

VMware would like to thank Jacob Baines of Tenable Network Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-7462 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Related

openvas 1
prion 1
nvd 1
cve 1
nessus 1
cvelist 1
impervablog 1
openvas
openvas
VMware vRealize Operations REST API Deserialization Vulnerability (VMSA-2016-0020)
2016-11-16 00:00:00
prion
prion
Deserialization of untrusted data
2016-12-29 09:59:00
nvd
nvd
CVE-2016-7462
2016-12-29 09:59:00
cve
cve
CVE-2016-7462
2016-12-29 09:59:00
nessus
nessus
VMware vRealize Operations Manager ver 6.x < 6.40 Suite API CollectorHttpRelayController RelayRequest Object DiskFileItem Deserialization DoS
2016-12-01 00:00:00
cvelist
cvelist
CVE-2016-7462
2016-12-29 09:02:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08

EPSS

0.002

Percentile

64.4%

JSON
Related for VMSA-2016-0020
openvas1prion1nvd1cve1nessus1cvelist1impervablog1