ALT-PU-2022-7790-1

Package update open-vm-tools in branch sisyphus

Version12.0.5-alt1

Published2022-05-25

Max severityHIGH

Severity:

Closed issues (2)

MEDIUM5.8

Уязвимость набора утилит VMware Tools для операционных систем Windows, позволяющая нарушителю позволяющая нарушителю проводить XXE-атаки

Published: 2022-08-18

CVSS 3.xMEDIUM 5.8

CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:P/A:P

References

HIGH7.1

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.

Published: 2022-05-24Modified: 2024-11-21

CVSS 2.0LOW 3.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References