CVE-2017-4952

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-4952
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-4952.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-4952
Published
2018-05-02T14:29:00Z
Modified
2025-01-08T10:13:06.981886Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

VMware Xenon 1.x, prior to 1.5.4-CR71, 1.5.77, 1.5.4-CR62, 1.3.7-CR12, 1.1.0-CR0-3, 1.1.0-CR31, 1.4.2-CR41, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.

References

Affected packages

Git / github.com/vmware-archive/xenon

Affected ranges

Type
GIT
Repo
https://github.com/vmware-archive/xenon
Events
Type
GIT
Repo
https://github.com/vmware/xenon
Events

Affected versions

v0.*

v0.3.0-release
v0.3.1-release
v0.3.2-release
v0.4.0-release
v0.4.1-release
v0.5.0-release
v0.5.1-release
v0.6.0-release
v0.7.0-release
v0.7.1-release
v0.7.2-release
v0.7.5-release
v0.7.6-release
v0.8.0-release
v0.8.1-release
v0.8.2-release
v0.9.0-release
v0.9.1-release
v0.9.2-release
v0.9.3-release
v0.9.4-release
v0.9.5-release
v0.9.6-release
v0.9.7-release

v1.*

v1.0.0-release
v1.1.0-CR0-1-release
v1.1.0-CR0-2-release
v1.1.0-CR0-3-release
v1.1.0-CR1-release
v1.1.0-CR2-release
v1.1.0-CR3-release
v1.1.0-CR3_1-release
v1.1.0-release
v1.1.1-release
v1.2.0-release
v1.3.0-release
v1.3.2-release
v1.3.3-release
v1.3.7-CR1-release
v1.3.7-CR1_1-release
v1.3.7-CR1_2-release
v1.3.7-release
v1.4.0-release
v1.4.1-release
v1.4.2-CR1-release
v1.4.2-CR2-release
v1.4.2-CR3-release
v1.4.2-CR4-release
v1.4.2-CR4_1-release
v1.4.2-release
v1.5.0-release
v1.5.1-release
v1.5.2-release
v1.5.3-release
v1.5.4-CR2-release
v1.5.4-CR3-release
v1.5.4-CR4-release
v1.5.4-CR5-release
v1.5.4-CR6-release
v1.5.4-CR6_1-release
v1.5.4-CR7-release
v1.5.4-release
v1.5.5-release
v1.5.6-release
v1.5.7-CR1-release
v1.5.7-CR2-release
v1.5.7-CR3-release
v1.5.7-CR4-release
v1.5.7-release
v1.5.7_5-release
v1.5.7_6-release
v1.6.0-release