Executive Summary
Summary | |
---|---|
Title | VMware vSphere Data Protection product update addresses a certificate validation vulnerability |
Information | |||
---|---|---|---|
Name | VMSA-2015-0002 | First vendor Publication | 2015-01-29 |
Vendor | VMware | Last vendor Modification | 2015-01-29 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
a. VMware vSphere Data Protection certificate validation vulnerability

VMware vSphere Data Protection (VDP) does not fully validate SSL certificates coming from vCenter Server. This issue may allow a Man-in-the-Middle attack that enables the attacker to perform unauthorized backup and restore operations.

VMware would like to thank Thorsten Tüllmann of the Steinbuch Centre for Computing, KIT, Germany for reporting this issue to VMware and the EMC Product Security Response Center for working with us on the issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-4632 to this issue.
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2015-0002.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-02-05 | IAVM : 2015-B-0016 - VMware vSphere Data Protection Certificate Validation Security Bypass Vulnera... Severity : Category II - VMSKEY : V0058529 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-02-12 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vsphere_data_protection_vmsa-2015-0002.nasl - Type : ACT_GATHER_INFO |
2015-01-07 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0002.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-02-13 13:24:06 | |
2015-02-03 05:26:53 | |
2015-02-01 09:25:37 | |
2015-01-30 05:25:16 | |