High severity7.7NVD Advisory· Published Dec 29, 2016· Updated Jun 17, 2026
CVE-2016-7459
CVE-2016-7459
Description
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:3a:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:3b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.0:1:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.0:1b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.0:2:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.0:2m:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*
- (no CPE)range: < 5.5 U3e, < 6.0 U2a
Patches
Vulnerability mechanics
References
3- www.vmware.com/security/advisories/VMSA-2016-0022.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/94486nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037329nvd
News mentions
0No linked articles in our index yet.