This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Vmware | First view | 2016-12-29 |
| Product | Vsphere Data Protection | Last view | 2017-06-07 |
| Version | 5.5.9 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:vmware:vsphere_data_protection | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2017-06-07 | CVE-2017-4917 | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. |
| 9.8 | 2017-06-07 | CVE-2017-4914 | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. |
| 9.8 | 2016-12-29 | CVE-2016-7456 | VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-502 | Deserialization of Untrusted Data |
| 33% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 33% (1) | CWE-255 | Credentials Management |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-06-09 | Name: A virtualization appliance installed on the remote host is affected by multip... File: vmware_vsphere_data_protection_vmsa-2017-0010.nasl - Type: ACT_GATHER_INFO |
| 2017-01-09 | Name: A virtualization appliance installed on the remote host is affected by an aut... File: vmware_VMSA-2016-0024.nasl - Type: ACT_GATHER_INFO |
