This CPE summary could be partial or incomplete.

Summary

Detail
Vendor: Vmware
Product: Vsphere Data Protection
Version:
Type: Application
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
First view: 2015-01-31
Last view: 2018-11-26

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:* 7
cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:* 7
cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:* 7
cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:* 7
cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:* 7
cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:* 7
cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:* 7
cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:* 7
cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:* 7
cpe:2.3:a:vmware:vsphere_data_protection:5.8.0:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:5.5.8:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:5.5.6:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:5.5.7:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:* 4
cpe:2.3:a:vmware:vsphere_data_protection:5.5.1:*:*:*:*:*:*:* 3
cpe:2.3:a:vmware:vsphere_data_protection:5.5.5:*:*:*:*:*:*:* 3
cpe:2.3:a:vmware:vsphere_data_protection:5.5.9:*:*:*:*:*:*:* 3
cpe:2.3:a:vmware:vsphere_data_protection:5.5.10:*:*:*:*:*:*:* 3
cpe:2.3:a:vmware:vsphere_data_protection:5.5.11:*:*:*:*:*:*:* 3
cpe:2.3:a:vmware:vsphere_data_protection:5.8.1:*:*:*:*:*:*:* 3
cpe:2.3:a:vmware:vsphere_data_protection:5.8.2:*:*:*:*:*:*:* 3
cpe:2.3:a:vmware:vsphere_data_protection:5.8.3:*:*:*:*:*:*:* 3
cpe:2.3:a:vmware:vsphere_data_protection:5.8.4:*:*:*:*:*:*:* 3
cpe:2.3:a:vmware:vsphere_data_protection:5.1:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
6.7 2018-11-26 CVE-2018-11077

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

6.5 2018-11-26 CVE-2018-11076

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

6.1 2018-11-26 CVE-2018-11067

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

9.8 2018-11-26 CVE-2018-11066

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.

9.8 2017-06-07 CVE-2017-4917

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.

9.8 2017-06-07 CVE-2017-4914

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.

9.8 2016-12-29 CVE-2016-7456

VMware vSphere Data Protection (VDP) 5.5.x through 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.

4.3 2015-01-31 CVE-2014-4632

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

CWE : Common Weakness Enumeration

% id Name
16% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
16% (1) CWE-502 Deserialization of Untrusted Data
16% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
16% (1) CWE-310 Cryptographic Issues
16% (1) CWE-255 Credentials Management
16% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0016 VMware vSphere Data Protection Certificate Validation Security Bypass Vulnera...
Severity: Category II - VMSKEY: V0058529

Nessus® Vulnerability Scanner

id Description
2018-11-30 Name: A backup solution running on the remote host is affected by multiple vulnerab...
File: emc_avamar_dsa-2018-145.nasl - Type: ACT_GATHER_INFO
2017-06-09 Name: A virtualization appliance installed on the remote host is affected by multip...
File: vmware_vsphere_data_protection_vmsa-2017-0010.nasl - Type: ACT_GATHER_INFO
2017-01-09 Name: A virtualization appliance installed on the remote host is affected by an aut...
File: vmware_VMSA-2016-0024.nasl - Type: ACT_GATHER_INFO
2015-02-12 Name: The remote host has a virtualization appliance installed that is affected by ...
File: vmware_vsphere_data_protection_vmsa-2015-0002.nasl - Type: ACT_GATHER_INFO