CVE-2016-7462

CVE Database · CVE-2016-7462

CVE-2016-7462

· N/AModified

CVSS v3.1

N/A

EPSS

2.04%

Published

Dec 29, 2016

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.

Weaknesses (CWE)

CWE-264CWE-749

Affected Products (5)

vmware · vrealize_operationsvulnerable

References (8)

http://www.securityfocus.com/bid/94351

http://www.securitytracker.com/id/1037297

http://www.vmware.com/security/advisories/VMSA-2016-0020.html

Vendor Advisory

https://www.tenable.com/security/research/tra-2016-34

Technical DescriptionThird Party Advisory