cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2017-4928,https://securityvulnerability.io/vulnerability/CVE-2017-4928,,"The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.",Vmware,Vsphere Web Client,7.5,HIGH,0.0010600000387057662,false,false,false,false,,false,false,2017-11-17T14:29:00.000Z,0
CVE-2016-7458,https://securityvulnerability.io/vulnerability/CVE-2016-7458,,"VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",Vmware,Vsphere Client,5.8,MEDIUM,0.0013500000350177288,false,false,false,false,,false,false,2016-12-29T09:02:00.000Z,0
CVE-2014-1210,https://securityvulnerability.io/vulnerability/CVE-2014-1210,,"VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.",Vmware,Vsphere Client,,,0.000590000010561198,false,false,false,false,,false,false,2014-04-11T19:00:00.000Z,0
CVE-2014-1209,https://securityvulnerability.io/vulnerability/CVE-2014-1209,,"VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.",Vmware,Vsphere Client,,,0.0066200001165270805,false,false,false,false,,false,false,2014-04-11T19:00:00.000Z,0