Summary
| Detail | |||
|---|---|---|---|
| Vendor | Vmware | First view | 2015-01-31 |
| Product | Vsphere Data Protection | Last view | 2017-06-07 |
| Version | 5.5.8 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:vmware:vsphere_data_protection | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2017-06-07 | CVE-2017-4917 | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. |
| 9.8 | 2017-06-07 | CVE-2017-4914 | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. |
| 9.8 | 2016-12-29 | CVE-2016-7456 | VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. |
| 4.3 | 2015-01-31 | CVE-2014-4632 | VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (1) | CWE-502 | Deserialization of Untrusted Data |
| 25% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 25% (1) | CWE-310 | Cryptographic Issues |
| 25% (1) | CWE-255 | Credentials Management |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-B-0016 | VMware vSphere Data Protection Certificate Validation Security Bypass Vulnera... Severity: Category II - VMSKEY: V0058529 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-06-09 | Name: A virtualization appliance installed on the remote host is affected by multip... File: vmware_vsphere_data_protection_vmsa-2017-0010.nasl - Type: ACT_GATHER_INFO |
| 2017-01-09 | Name: A virtualization appliance installed on the remote host is affected by an aut... File: vmware_VMSA-2016-0024.nasl - Type: ACT_GATHER_INFO |
| 2015-02-12 | Name: The remote host has a virtualization appliance installed that is affected by ... File: vmware_vsphere_data_protection_vmsa-2015-0002.nasl - Type: ACT_GATHER_INFO |
