34 matches found
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in vSphere Data Protection. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0029 and apply the...
VMSA-2018-0029:vSphere Data Protection (VDP) updates address multiple security issues.
VMSA-2018-0029 vSphere Data Protection VDP updates address multiple security issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0029 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: vSphere Data Protection VDP updates address multiple...
VMware vSphere Data Protection 6.x Information Disclosure Vulnerability (VMSA-2018-0021
The version of VMware vSphere Data Protection installed on the remote host is 6.x. It is, therefore, affected by an information disclosure vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid112208; scriptversion"1.4";...
VMware vSphere Data Protection Directory Traversal Vulnerability
VMware vSphere Data Protection is a backup and recovery solution. A directory traversal security vulnerability exists in VMware vSphere Data Protection, which could be exploited by remote attackers to submit a special request to view the contents of system files...
VMware vSphere Data Protection 5.x / 6.0.x < 6.0.7 / 6.1.x < 6.1.6 Multiple Vulnerabilities (VMSA-2018-0001
The version of VMware vSphere Data Protection installed on the remote host is 5.x or 6.0.x prior to 6.0.7, or it is 6.1.x prior to 6.1.6. It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid105586; scriptversion"1.9"...
VMware vSphere Data Protection Arbitrary File Upload Vulnerability
VMware vSphere Data Protection is a backup and recovery solution. A security vulnerability exists in VMware vSphere Data Protection that allows remote attackers to exploit the vulnerability to submit a special request to upload arbitrary files to the server...
VMware Issues 3 Critical Patches for vSphere Data Protection
VMware, a Dell Technologies subsidiary, released several patches Tuesday fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform. The bugs address three vulnerabilities in VMware’s vSphere Data Protection VDP, a backup and recovery solution used with its...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in vSphere Data Protection. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0001 and apply the...
VMSA-2018-0001:vSphere Data Protection (VDP) updates address multiple security issues.
VMSA-2018-0001 vSphere Data Protection VDP updates address multiple security issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0001 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: vSphere Data Protection VDP updates address multiple...
VMware vSphere Data Protection (VDP) Multiple Vulnerabilities
VMware vSphere Data Protection VDP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware vSphere Data Protection Command Execution and Information Disclosure Vulnerabilities
VMware vSphere Data Protection is prone to an arbitrary command-execution and information disclosure vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
VMware vSphere Data Protection Local Storage vCenter Server Credentials Vulnerability
VMware vSphere Data Protection VDP is a disk-based backup and recovery solution from VMware. Integrated with VMware vCenter Server, the server and virtualization management software, the solution can be used to centrally manage backup jobs while storing backup files in deduplicated target storage...
VMware vSphere Data Protection Remote Code Execution (CVE-2017-4914)
Multiple vulnerabilities have been reported in VMware vSphere Data Protection. The vulnerabilities are due to improper Java deserialization and use of reversible encryption. A remote attacker could exploit one of the vulnerabilities by sending specially crafted data to the targeted server, which...
VMware vSphere Data Protection 5.x6.x - Java Deserialization
VMware vSphere Data Protection 5.x6.x - Java Deserialization !/usr/bin/env python import socket import sys import ssl def getHeader: return '\x4a\x52\x4d\x49\x00\x02\x4b' def payload: cmd = sys.argv4 cmdlen = lencmd data2 =...
VMware vSphere Data Protection 5.x/6.x - Java Deserialization
!/usr/bin/env python import socket import sys import ssl def getHeader: return '\x4a\x52\x4d\x49\x00\x02\x4b' def payload: cmd = sys.argv4 cmdlen = lencmd data2 =...
VMware Patches Critical Vulnerabilities in vSphere Data Protection
VMware fixed two critical vulnerabilities in its vSphere Data Protection solution this week that could have allowed an attacker to execute commands on the virtual appliance, among other outcomes. The Department of Homeland Security’s CERT encouraged users and admins on Wednesday to apply the...
CVE-2017-4917
VMware vSphere Data Protection VDP 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained...
CVE-2017-4914
CVE-2017-4914 affects VMware vSphere Data Protection (VDP) 5.5.x, 5.8.x, 6.0.x, and 6.1.x. The root cause is Java deserialization leading to arbitrary code execution on the appliance when processing crafted input (remote attacker). In the OpenVAS/Nessus entries, this is described as multiple vuln...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in vSphere Data Protection. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0010 and...
VMware vSphere Data Protection Java Deserialization Vulnerability
VMware vSphere Data Protection VDP is a disk-based backup and recovery solution from VMware. Integrated with VMware vCenter Server, the server and virtualization management software, the solution can be used to centrally manage backup jobs while storing backup files in deduplicated target storage...