VYPR
Get started
← All advisories
High severity7.5NVD Advisory· Published Nov 17, 2017· Updated May 13, 2026

CVE-2017-4928

CVE-2017-4928

Description

The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.

Affected products

28
  • VMware/Vcenter Server27 versions
    cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:1a:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:1b:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:1c:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:2b:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:2d:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:2e:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:3:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:3a:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:3b:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:3d:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:3e:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:b:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:5.5:c:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:6.0:1:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:6.0:1b:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:6.0:2:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:6.0:2a:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:6.0:2m:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:6.0:3:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:6.0:3a:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:6.0:3b:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*
  • VMware/vSphere Web Clientv5
    Range: 6.0 prior to 6.0 U3c

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.