VYPR
Medium severity5.8NVD Advisory· Published Dec 29, 2016· Updated Jun 17, 2026

CVE-2016-7458

CVE-2016-7458

Description

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

13
  • cpe:2.3:a:vmware:vsphere_client:5.5:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:vmware:vsphere_client:5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vsphere_client:5.5:u1:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vsphere_client:5.5:u2:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vsphere_client:5.5:u3a:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vsphere_client:5.5:u3b:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vsphere_client:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vsphere_client:6.0:2:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vsphere_client:6.0:2m:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vsphere_client:6.0:a:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vsphere_client:6.0:b:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vsphere_client:6.0:u1:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vsphere_client:6.0:u1b:*:*:*:*:*:*
    • (no CPE)range: < 5.5 U3e and < 6.0 U2a

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.