fkie_nvd - fkie_cve-2016-2081

fkie_cve-2016-2081

Vulnerability from fkie_nvd

Published

2016-07-03 01:59

Modified

2024-11-21 02:47

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://www.securitytracker.com/id/1036078
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2016-0008.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036078
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2016-0008.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
vmware	vrealize_log_insight	2.0
vmware	vrealize_log_insight	2.0.5
vmware	vrealize_log_insight	2.5
vmware	vrealize_log_insight	2.5.1
vmware	vrealize_log_insight	3.0
vmware	vrealize_log_insight	3.0.1
vmware	vrealize_log_insight	3.3
vmware	vrealize_log_insight	3.3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA721D3-A31B-4B0C-A9B3-0729E5A486E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3981C264-6EBB-496E-BE5A-1670FABAFAF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B59B01D4-7ED4-4A20-958D-BC5AB8CD5604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40565FA2-BEA0-4DE8-85D0-42AD3415E2AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35562FBD-9183-45E8-8E3F-3E24CCFDD759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "45670401-3130-4504-BE48-19AEFAB0854E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F7C79B-09A9-42F3-AD1A-0BACE2FB5D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCEFB9D5-418C-4012-9961-E1FA94CDDAB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en VMware vRealize Log Insight 2.x y 3.x en versiones anteriores a 3.3.2 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-2081",
  "lastModified": "2024-11-21T02:47:46.293",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-03T01:59:06.907",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036078"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2016-2081

Vulnerability from cvelistv5

Published

2016-07-03 01:00