This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Vmware First view 2016-12-29
Product Vsphere Data Protection Last view 2017-06-07
Version 5.5.5 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:vmware:vsphere_data_protection

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2017-06-07 CVE-2017-4917

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.

9.8 2017-06-07 CVE-2017-4914

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.

9.8 2016-12-29 CVE-2016-7456

VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-502 Deserialization of Untrusted Data
33% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
33% (1) CWE-255 Credentials Management

Nessus® Vulnerability Scanner

id Description
2017-06-09 Name: A virtualization appliance installed on the remote host is affected by multip...
File: vmware_vsphere_data_protection_vmsa-2017-0010.nasl - Type: ACT_GATHER_INFO
2017-01-09 Name: A virtualization appliance installed on the remote host is affected by an aut...
File: vmware_VMSA-2016-0024.nasl - Type: ACT_GATHER_INFO