The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x prior to 6.2.5 allows remote malicious users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware vrealize automation 6.0.1.1 |
||
vmware vrealize automation 6.0.1.2 |
||
vmware vrealize automation 6.2.4 |
||
vmware vrealize automation 6.1.0 |
||
vmware vrealize automation 6.1.1 |
||
vmware vrealize automation 6.2.0 |
||
vmware vrealize automation 6.2.1 |
||
vmware vrealize automation 6.0.0 |
||
vmware vrealize automation 6.0.1 |
||
vmware vrealize automation 6.2.2 |
||
vmware vrealize automation 6.2.3 |