CVE-2016-7458 VMware vCenter Server 6.0 Update 2a Missing (VMSA-2016-0022)




VMware vCenter is the centralized management tool for the vSphere suite. The target is missing Update 2a, which corrects the following security issue:

vCenter Server contains an XML External Entity (XXE) vulnerability in the Log Browser, the Distributed Switch setup, and the Content Library.
vCenter Server and vRealize Automation contain an XML External Entity (XXE) vulnerability in the Single Sign-On functionality.


A specially crafted XML request issued to the server by an authorized user may lead to unintended information disclosure.


VMware has issued a fix (vCenter Server 6.0 U2a).

Upgrade vCenter Server Appliance to Build 4541947 or apply the latest VMware vCenter Server Appliance build.

Refer to VMSA-2016-0022 for further details.

Following are links for downloading patches to fix the vulnerabilities:

VMSA-2016-0022: VMware vCenter Server 6.0

Leave a Reply