CVE-2017-4952

VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.

Published: May 2, 2018
Updated: Nov 9, 2025
CVE: CVE-2017-4952
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
vmware / xenon	1.3.7-cr1_2	1.3.7-cr1_2.x
vmware / xenon	1.1.0-cr0-3	1.1.0-cr0-3.x
vmware / xenon	1.1.0-cr3_1	1.1.0-cr3_1.x
vmware / xenon	1.4.2-cr4_1	1.4.2-cr4_1.x
vmware / xenon	1.5.7_7	1.5.7_7.x
vmware / xenon	1.5.4_8	1.5.4_8.x
vmware / xenon	1.0.0	1.5.3.x
vmware / xenon	1.5.4-cr2	1.5.4-cr2.x
vmware / xenon	1.5.4-cr3	1.5.4-cr3.x
vmware / xenon	1.5.4-cr4	1.5.4-cr4.x
vmware / xenon	1.5.4-cr5	1.5.4-cr5.x
vmware / xenon	1.5.4-cr6	1.5.4-cr6.x
vmware / xenon	1.5.4-cr6_1	1.5.4-cr6_1.x
vmware / xenon	1.5.4-cr6_2	1.5.4-cr6_2.x
vmware / xenon	1.5.4-cr7	1.5.4-cr7.x

Vulnerability Database

309,614

CVE-2017-4952

Deep Security Visibility Without the Complexity