<p>Upgrade <code>com.vmware.xenon:xenon-common</code> to version 1.5.4-CR7_1, 1.5.4_7, 1.5.4-CR6_2, 1.5.4_8, 1.4.2-CR4_1, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1 or higher.</p>

Authentication Bypass Affecting com.vmware.xenon:xenon-common package, versions [,1.1.0-CR0-3) [1.1.0-CR1,1.1.0-CR3_1) [1.1.0-CR4,1.3.7-CR1_2) [1.4.0,1.4.2-CR4_1) [1.5.0,1.5.4-CR6_2) [1.5.4-CR7,1.5.4-CR7_1] [1.5.5,1.5.7_9)

Threat Intelligence

0.36% (73^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-COMVMWAREXENON-31636
published 21 Feb 2018
disclosed 12 Feb 2018
credit George Chrysanthakopoulos

Report a new vulnerability Found a mistake?

Introduced: 12 Feb 2018

CVE-2017-4952 Open this link in a new tab CWE-592 Open this link in a new tab

How to fix?

Upgrade com.vmware.xenon:xenon-common to version 1.5.4-CR7_1, 1.5.4_7, 1.5.4-CR6_2, 1.5.4_8, 1.4.2-CR4_1, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1 or higher.

Overview

Affected versions of com.vmware.xenon:xenon-common are vulnerable to Authentication Bypass due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

None
Availability (A)

None