Medium severity5.8NVD Advisory· Published Dec 29, 2016· Updated Jun 17, 2026
CVE-2016-7458
CVE-2016-7458
Description
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13cpe:2.3:a:vmware:vsphere_client:5.5:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:vmware:vsphere_client:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:5.5:u1:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:5.5:u2:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:5.5:u3a:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:5.5:u3b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:6.0:2:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:6.0:2m:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:6.0:a:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:6.0:b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:6.0:u1:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:6.0:u1b:*:*:*:*:*:*
- (no CPE)range: < 5.5 U3e and < 6.0 U2a
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/94483nvdThird Party AdvisoryVDB Entry
- www.vmware.com/security/advisories/VMSA-2016-0022.htmlnvdVendor Advisory
- www.securitytracker.com/id/1037328nvd
News mentions
0No linked articles in our index yet.