This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Vmware First view 2015-01-31
Product Vsphere Data Protection Last view 2017-06-07
Version 5.5.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:vmware:vsphere_data_protection

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2017-06-07 CVE-2017-4914

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.

9.8 2016-12-29 CVE-2016-7456

VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.

4.3 2015-01-31 CVE-2014-4632

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-502 Deserialization of Untrusted Data
33% (1) CWE-310 Cryptographic Issues
33% (1) CWE-255 Credentials Management

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0016 VMware vSphere Data Protection Certificate Validation Security Bypass Vulnera...
Severity: Category II - VMSKEY: V0058529

Nessus® Vulnerability Scanner

id Description
2017-06-09 Name: A virtualization appliance installed on the remote host is affected by multip...
File: vmware_vsphere_data_protection_vmsa-2017-0010.nasl - Type: ACT_GATHER_INFO
2017-01-09 Name: A virtualization appliance installed on the remote host is affected by an aut...
File: vmware_VMSA-2016-0024.nasl - Type: ACT_GATHER_INFO
2015-02-12 Name: The remote host has a virtualization appliance installed that is affected by ...
File: vmware_vsphere_data_protection_vmsa-2015-0002.nasl - Type: ACT_GATHER_INFO