CVE-2017-4952

CVE Database · CVE-2017-4952

CVE-2017-4952

· N/AModified

CVSS v3.1

N/A

EPSS

4.09%

Published

May 2, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.

Weaknesses (CWE)

CWE-732

Affected Products (15)

vmware · xenonvulnerable

· xenon

References (20)

http://seclists.org/oss-sec/2018/q1/153

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/103093

Third Party AdvisoryVDB Entry

https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1

PatchThird Party Advisory

https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592

PatchThird Party Advisory

https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8

PatchThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs