Executive Summary
| Summary | |
|---|---|
| Title | vSphere Data Protection (VDP) updates address multiple security issues. |
| Informations | |||
|---|---|---|---|
| Name | VMSA-2018-0001 | First vendor Publication | 2018-01-02 |
| Vendor | VMware | Last vendor Modification | 2018-01-02 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| a. VDP authentication bypass vulnerability. VDP contains an authentication bypass vulnerability. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-15548 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. b. VDP arbitrary file upload vulnerability. VDP contains a file upload vulnerability. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-15549 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. b. VDP path traversal vulnerability. VDP contains a path traversal vulnerability. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-15550 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. |
Original Source
| Url : http://www.vmware.com/security/advisories/VMSA-2018-0001.html |
Alert History
| Date | Informations |
|---|---|
| 2018-01-03 13:21:47 |
|
