Information disclosure

2018-11-2620:29:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.3%

JSON

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console’s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

CPENameOperatorVersion
emc_avamareq7.3.1
emc_avamareq7.4.1
emc_avamareq7.4.0
emc_avamareq7.3.0
emc_avamareq7.2.0
emc_avamareq7.2.1
emc_integrated_data_protection_applianceeq2.0
vsphere_data_protectioneq6.1.0
vsphere_data_protectioneq6.0.3
vsphere_data_protectioneq6.0.1

Name	Operator	Version
emc_avamar	eq	7.3.1
emc_avamar	eq	7.4.1
emc_avamar	eq	7.4.0
emc_avamar	eq	7.3.0
emc_avamar	eq	7.2.0
emc_avamar	eq	7.2.1
emc_integrated_data_protection_appliance	eq	2.0
vsphere_data_protection	eq	6.1.0
vsphere_data_protection	eq	6.0.3
vsphere_data_protection	eq	6.0.1