Summary
Detail | |||
---|---|---|---|
Vendor | Vmware | First view | 2016-12-29 |
Product | Vsphere Data Protection | Last view | 2017-06-07 |
Version | 5.5.9 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:vmware:vsphere_data_protection |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.8 | 2017-06-07 | CVE-2017-4917 | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. |
9.8 | 2017-06-07 | CVE-2017-4914 | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. |
9.8 | 2016-12-29 | CVE-2016-7456 | VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (1) | CWE-502 | Deserialization of Untrusted Data |
33% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
33% (1) | CWE-255 | Credentials Management |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-06-09 | Name: A virtualization appliance installed on the remote host is affected by multip... File: vmware_vsphere_data_protection_vmsa-2017-0010.nasl - Type: ACT_GATHER_INFO |
2017-01-09 | Name: A virtualization appliance installed on the remote host is affected by an aut... File: vmware_VMSA-2016-0024.nasl - Type: ACT_GATHER_INFO |