{"containers":{"cna":{"affected":[{"product":"VMware Xenon","vendor":"VMware","versions":[{"status":"affected","version":"1.x prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8."}]}],"datePublic":"2018-02-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure."}],"problemTypes":[{"descriptions":[{"description":"Authentication bypass vulnerability","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-05-29T14:57:01.000Z","orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8"},{"name":"103093","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/103093"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c"},{"name":"[oss-security] 20180213 Authentication Bypass Vulnerability in VMware Xenon (CVE-2017-4952)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://seclists.org/oss-sec/2018/q1/153"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@vmware.com","DATE_PUBLIC":"2018-02-13T00:00:00","ID":"CVE-2017-4952","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"VMware Xenon","version":{"version_data":[{"version_value":"1.x prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8."}]}}]},"vendor_name":"VMware"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Authentication bypass vulnerability"}]}]},"references":{"reference_data":[{"name":"https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a","refsource":"CONFIRM","url":"https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a"},{"name":"https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8","refsource":"CONFIRM","url":"https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8"},{"name":"103093","refsource":"BID","url":"http://www.securityfocus.com/bid/103093"},{"name":"https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c","refsource":"CONFIRM","url":"https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c"},{"name":"[oss-security] 20180213 Authentication Bypass Vulnerability in VMware Xenon (CVE-2017-4952)","refsource":"MLIST","url":"http://seclists.org/oss-sec/2018/q1/153"},{"name":"https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713","refsource":"CONFIRM","url":"https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713"},{"name":"https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3","refsource":"CONFIRM","url":"https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3"},{"name":"https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1","refsource":"CONFIRM","url":"https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1"},{"name":"https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977","refsource":"CONFIRM","url":"https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977"},{"name":"https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75","refsource":"CONFIRM","url":"https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75"},{"name":"https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592","refsource":"CONFIRM","url":"https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T14:47:43.298Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8"},{"name":"103093","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/103093"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c"},{"name":"[oss-security] 20180213 Authentication Bypass Vulnerability in VMware Xenon (CVE-2017-4952)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://seclists.org/oss-sec/2018/q1/153"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592"}]}]},"cveMetadata":{"assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","assignerShortName":"vmware","cveId":"CVE-2017-4952","datePublished":"2018-05-02T14:00:00.000Z","dateReserved":"2016-12-26T00:00:00.000Z","dateUpdated":"2024-09-16T23:41:59.277Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}