Summary
| Detail | |||
|---|---|---|---|
| Vendor | Vmware | First view | 2016-12-29 |
| Product | Vsphere Data Protection | Last view | 2018-11-26 |
| Version | 6.1.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:vmware:vsphere_data_protection | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.7 | 2018-11-26 | CVE-2018-11077 | 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege. |
| 6.5 | 2018-11-26 | CVE-2018-11076 | Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users. |
| 6.1 | 2018-11-26 | CVE-2018-11067 | Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. |
| 9.8 | 2018-11-26 | CVE-2018-11066 | Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. |
| 9.8 | 2017-06-07 | CVE-2017-4917 | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. |
| 9.8 | 2017-06-07 | CVE-2017-4914 | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. |
| 9.8 | 2016-12-29 | CVE-2016-7456 | VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 20% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 20% (1) | CWE-502 | Deserialization of Untrusted Data |
| 20% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 20% (1) | CWE-255 | Credentials Management |
| 20% (1) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-11-30 | Name: A backup solution running on the remote host is affected by multiple vulnerab... File: emc_avamar_dsa-2018-145.nasl - Type: ACT_GATHER_INFO |
| 2017-06-09 | Name: A virtualization appliance installed on the remote host is affected by multip... File: vmware_vsphere_data_protection_vmsa-2017-0010.nasl - Type: ACT_GATHER_INFO |
| 2017-01-09 | Name: A virtualization appliance installed on the remote host is affected by an aut... File: vmware_VMSA-2016-0024.nasl - Type: ACT_GATHER_INFO |
