{"id":"CVE-2017-4952","details":"VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1, 1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.","modified":"2026-05-19T04:00:24.475391037Z","published":"2018-05-02T14:29:00.380Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:vmware:xenon:*:*:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.1.0:cr0-3:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.1.0:cr3_1:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.3.7:cr1_2:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.4.2:cr4_1:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.5.4:cr2:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.5.4:cr3:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.5.4:cr4:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.5.4:cr5:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.5.4:cr6:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.5.4:cr6_1:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.5.4:cr6_2:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.5.4:cr7:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.5.4_8:*:*:*:*:*:*:*","cpe:2.3:a:vmware:xenon:1.5.7_7:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"vmware:xenon","extracted_events":[{"introduced":"1.0.0"},{"last_affected":"1.5.3"},{"last_affected":"1.1.0-cr0\\-3"},{"last_affected":"1.1.0-cr3_1"},{"last_affected":"1.3.7-cr1_2"},{"last_affected":"1.4.2-cr4_1"},{"last_affected":"1.5.4-cr2"},{"last_affected":"1.5.4-cr3"},{"last_affected":"1.5.4-cr4"},{"last_affected":"1.5.4-cr5"},{"last_affected":"1.5.4-cr6"},{"last_affected":"1.5.4-cr6_1"},{"last_affected":"1.5.4-cr6_2"},{"last_affected":"1.5.4-cr7"},{"last_affected":"1.5.4_8"},{"last_affected":"1.5.7_7"}]}]},"references":[{"type":"ADVISORY","url":"http://seclists.org/oss-sec/2018/q1/153"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/103093"},{"type":"FIX","url":"https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1"},{"
type":"FIX","url":"https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592"},{"type":"FIX","url":"https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8"},{"type":"FIX","url":"https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713"},{"type":"FIX","url":"https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c"},{"type":"FIX","url":"https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75"},{"type":"FIX","url":"https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a"},{"type":"FIX","url":"https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977"},{"type":"FIX","url":"https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vmware-archive/xenon","events":[{"introduced":"0"},{"fixed":"055ae13603f0cc3cd7cf59f20ce314bf8db583e1"},{"fixed":"06b9947cf603ba40fd8b03bfeb2e84528a7ab592"},{"fixed":"30ae41bccf418d88b52b35a81efb3c1304b798f8"},{"fixed":"5682ef8d40569afd00fb9a5933e7706bb5b66713"},{"fixed":"756d893573414eec8635c2aba2345c4dcf10b21c"},{"fixed":"7a747d82b80cd38d2c11a0d9cdedb71c722a2c75"},{"fixed":"b1fd306047ecdac82661d636ebee801a7f2b3a0a"},{"fixed":"c23964eb57e846126daef98ef7ed15400313e977"},{"fixed":"ec30db9afada9cb52852082ce4d7d0095524f3b3"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v1.5.7_6-release","v1.4.2-CR4-release","v1.1.0-CR0-2-release","v1.3.7-CR1_1-release","v1.5.4-CR6_1-release","v1.5.4-CR7-release","v1.5.4-CR6-release","v1.3.7-CR1-release","v1.5.7_5-release","v1.5.7-CR4-release","v1.6.0-release","v1.5.7-CR3-release","v1.5.4-CR5-release","v1.5.7-CR2-release","v1.5.7-CR1-release","v1.1.0-CR0-1-release","v1.5.7-release","v1.5.4-CR4-release","v1.5.6-release","v1.5.5-release","v1.3.7-release","v1.5.4-CR3-release","v1.5.4-CR2-release","v1.5.4-release","v1.5.3-release","v1.5.2-release","v1.5.1-
release","v1.4.2-CR3-release","v1.4.2-CR2-release","v1.4.2-CR1-release","v1.5.0-release","v1.4.2-release","v1.4.1-release","v1.4.0-release","v1.3.3-release","v1.1.0-release","v1.3.2-release","v1.3.0-release","v1.0.0-release","v1.2.0-release","v1.1.1-release","v0.9.7-release","v0.9.6-release","v0.9.5-release","v0.9.4-release","v0.9.3-release","v0.9.2-release","v0.9.1-release","v0.9.0-release","v0.8.2-release","v0.8.1-release","v0.8.0-release","v0.7.6-release","v0.7.5-release","v0.7.2-release","v0.7.1-release","v0.7.0-release","v0.6.0-release","v0.5.1-release","v0.5.0-release","v0.4.1-release","v0.4.0-release","v0.3.2-release","v0.3.1-release","v0.3.0-release"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-4952.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}