Vulnerabilities > CVE-2016-5334 - Exposure of Resource to Wrong Sphere vulnerability in VMWare Identity Manager and Vrealize Automation

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
vmware
CWE-668

Summary

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

Common Weakness Enumeration (CWE)