CVE-2016-7462 | Vulnerability Database | Aqua Security

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.

Affected Software

Name	Vendor	Start Version	End Version
Vrealize_operations	Vmware	6.0.0 (including)	6.0.0 (including)
Vrealize_operations	Vmware	6.1.0 (including)	6.1.0 (including)
Vrealize_operations	Vmware	6.2.0a (including)	6.2.0a (including)
Vrealize_operations	Vmware	6.2.1 (including)	6.2.1 (including)
Vrealize_operations	Vmware	6.3.0 (including)	6.3.0 (including)

References

http://www.securityfocus.com/bid/94351
http://www.securitytracker.com/id/1037297
http://www.vmware.com/security/advisories/VMSA-2016-0020.html
https://www.tenable.com/security/research/tra-2016-34
http://www.securityfocus.com/bid/94351
http://www.securitytracker.com/id/1037297
http://www.vmware.com/security/advisories/VMSA-2016-0020.html
https://www.tenable.com/security/research/tra-2016-34

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7462
CWE	https://cwe.mitre.org/data/definitions/264.html