製品・ソフトウェアに関する情報

JVN脆弱性詳細

VMware ESXi におけるクロスサイトスクリプティングの脆弱性

Title	VMware ESXi におけるクロスサイトスクリプティングの脆弱性
Summary	VMware ESXi には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 19, 2017, midnight
Registration Date	Jan. 22, 2018, 4:33 p.m.
Last Update	Jan. 22, 2018, 4:33 p.m.

CVSS3.0 : 警告
Score	6.1
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected System

VMware

VMware ESXi 5.5 ESXi550-201709102-SG 未満の 5.5

VMware ESXi 6.5 ESXi650-201712103-SG 未満の 6.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-4940	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4940
National Vulnerability Database (NVD)
2	CVE-2017-4940	https://nvd.nist.gov/vuln/detail/CVE-2017-4940

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
VMware Security Advisories
1	VMSA-2017-0021	https://www.vmware.com/security/advisories/VMSA-2017-0021.html

Change Log

No	Changed Details	Date of change
0	[2018年01月22日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-4940

Summary	The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.
Publication Date	Dec. 21, 2017, 12:29 a.m.
Registration Date	Jan. 26, 2021, 1:25 p.m.
Last Update	Nov. 21, 2024, 12:26 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:vmware:esxi:6.0:-::::::
cpe:2.3:o:vmware:esxi:6.5:-::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707201::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707202::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707203::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707204::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707205::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707206::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707207::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707208::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707209::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707210::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707211::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707212::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707213::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707214::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707215::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707216::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707217::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707218::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707219::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707220::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707221::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707102::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707101::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707103::::::
cpe:2.3:o:vmware:esxi:6.5:650-201701001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201703001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201703002::::::
cpe:2.3:o:vmware:esxi:6.5:650-201704001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201710001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201712001::::::
cpe:2.3:o:vmware:esxi:6.0:600-201504401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201505401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507403::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507404::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507405::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507402::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507407::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507406::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509205::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509209::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509202::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509206::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509210::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509204::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509203::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509207::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509208::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509201::::::
cpe:2.3:o:vmware:esxi:6.0:600-201510401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201511401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601403::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601402::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601404::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601405::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201602401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603202::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603201::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603204::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603208::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603206::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603207::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603205::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603203::::::
cpe:2.3:o:vmware:esxi:6.0:600-201605401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608403::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608402::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608405::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608404::::::
cpe:2.3:o:vmware:esxi:6.0:600-201610410::::::
cpe:2.3:o:vmware:esxi:6.0:600-201611402::::::
cpe:2.3:o:vmware:esxi:6.0:600-201611401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201611403::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702201::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702209::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702202::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702211::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702204::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702203::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702207::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702206::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702205::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702212::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702208::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702210::::::
cpe:2.3:o:vmware:esxi:6.0:600-201703401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706103::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706402::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706403::::::
cpe:2.3:o:vmware:esxi:6.0:600-201710301::::::
cpe:2.3:o:vmware:esxi:5.5:-::::::
cpe:2.3:o:vmware:esxi:6.0:1::::::
cpe:2.3:o:vmware:esxi:6.0:1a::::::
cpe:2.3:o:vmware:esxi:6.0:1b::::::
cpe:2.3:o:vmware:esxi:6.0:2::::::
cpe:2.3:o:vmware:esxi:6.0:3::::::
cpe:2.3:o:vmware:esxi:6.0:3a::::::
cpe:2.3:o:vmware:esxi:5.5:550-20170901001s::::::
cpe:2.3:o:vmware:esxi:5.5:1::::::
cpe:2.3:o:vmware:esxi:5.5:2::::::
cpe:2.3:o:vmware:esxi:5.5:3a::::::
cpe:2.3:o:vmware:esxi:5.5:3b::::::

Related information, measures and tools

No	URL	タグ
1	http://www.securitytracker.com/id/1040024	Third Party Advisory VDB Entry
2	http://www.securitytracker.com/id/1040024	Third Party Advisory VDB Entry
3	https://www.vmware.com/security/advisories/VMSA-2017-0021.html	Vendor Advisory
4	https://www.vmware.com/security/advisories/VMSA-2017-0021.html	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:vmware:esxi:6.0:-::::::
cpe:2.3:o:vmware:esxi:6.5:-::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707201::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707202::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707203::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707204::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707205::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707206::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707207::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707208::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707209::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707210::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707211::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707212::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707213::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707214::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707215::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707216::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707217::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707218::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707219::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707220::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707221::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707102::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707101::::::
cpe:2.3:o:vmware:esxi:6.5:650-201707103::::::
cpe:2.3:o:vmware:esxi:6.5:650-201701001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201703001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201703002::::::
cpe:2.3:o:vmware:esxi:6.5:650-201704001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201710001::::::
cpe:2.3:o:vmware:esxi:6.5:650-201712001::::::
cpe:2.3:o:vmware:esxi:6.0:600-201504401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201505401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507403::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507404::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507405::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507402::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507407::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507406::::::
cpe:2.3:o:vmware:esxi:6.0:600-201507401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509205::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509209::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509202::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509206::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509210::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509204::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509203::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509207::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509208::::::
cpe:2.3:o:vmware:esxi:6.0:600-201509201::::::
cpe:2.3:o:vmware:esxi:6.0:600-201510401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201511401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601403::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601402::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601404::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601405::::::
cpe:2.3:o:vmware:esxi:6.0:600-201601401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201602401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603202::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603201::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603204::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603208::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603206::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603207::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603205::::::
cpe:2.3:o:vmware:esxi:6.0:600-201603203::::::
cpe:2.3:o:vmware:esxi:6.0:600-201605401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608403::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608402::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608405::::::
cpe:2.3:o:vmware:esxi:6.0:600-201608404::::::
cpe:2.3:o:vmware:esxi:6.0:600-201610410::::::
cpe:2.3:o:vmware:esxi:6.0:600-201611402::::::
cpe:2.3:o:vmware:esxi:6.0:600-201611401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201611403::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702201::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702209::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702202::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702211::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702204::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702203::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702207::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702206::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702205::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702212::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702208::::::
cpe:2.3:o:vmware:esxi:6.0:600-201702210::::::
cpe:2.3:o:vmware:esxi:6.0:600-201703401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706101::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706102::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706103::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706402::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706401::::::
cpe:2.3:o:vmware:esxi:6.0:600-201706403::::::
cpe:2.3:o:vmware:esxi:6.0:600-201710301::::::
cpe:2.3:o:vmware:esxi:5.5:-::::::
cpe:2.3:o:vmware:esxi:6.0:1::::::
cpe:2.3:o:vmware:esxi:6.0:1a::::::
cpe:2.3:o:vmware:esxi:6.0:1b::::::
cpe:2.3:o:vmware:esxi:6.0:2::::::
cpe:2.3:o:vmware:esxi:6.0:3::::::
cpe:2.3:o:vmware:esxi:6.0:3a::::::
cpe:2.3:o:vmware:esxi:5.5:550-20170901001s::::::
cpe:2.3:o:vmware:esxi:5.5:1::::::
cpe:2.3:o:vmware:esxi:5.5:2::::::
cpe:2.3:o:vmware:esxi:5.5:3a::::::
cpe:2.3:o:vmware:esxi:5.5:3b::::::