8 matches found
CVE-2016-7456
Affected product/versions: VMware vSphere Data Protection appliances 5.5.x through 6.1.x. Vulnerability cause: SSH private key used by the local admin (sudoer) has a publicly known password, enabling key-based SSH access. Impact: Remote attacker could gain login access via SSH, potentially compro...
CVE-2018-11066
Summary of CVE-2018-11066: Dell EMC Avamar/IDPA products are affected by a remote code execution vulnerability. The issue affects Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, ...
CVE-2017-4914
CVE-2017-4914 affects VMware vSphere Data Protection (VDP) 5.5.x, 5.8.x, 6.0.x, and 6.1.x. The root cause is Java deserialization leading to arbitrary code execution on the appliance when processing crafted input (remote attacker). In the OpenVAS/Nessus entries, this is described as multiple vuln...
CVE-2018-11067
CVE-2018-11067 is an open redirection vulnerability affecting Dell EMC Avamar Client Manager in Avamar Server (versions 7.2.x–18.1) and IDPA 2.0–2.2. An unauthenticated remote attacker could lure users to arbitrary URLs via crafted links, enabling phishing. Public records also document VMware vSp...
CVE-2018-11076
CVE-2018-11076 is disclosed in VMware vSphere Data Protection (VDP). The issue is a command-injection vulnerability in the getlogs troubleshooting utility that could let an authenticated admin execute arbitrary commands as root. Affected products/versions: VDP 6.0.x (before 6.0.9) and 6.1.x (befo...
CVE-2018-11077
CVE-2018-11077 is the information-exposure aspect of the Dell EMC Avamar/IDPA command-injection issue tracked in VDP advisories. The connected VMware VMSA-2018-0029 confirms a separate command-injection flaw in the getlogs utility that can lead to root-level command execution when an authenticate...
CVE-2014-4632
Affected products: VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1; also the EMC Avamar proxy client components (ADS/AVE) 6.x and 7.0.x. Root cause: SSL certificate validation is insufficient; VDP and Avamar proxy fail to properly verify X.509 certificates from vC...
CVE-2017-4917
CVE-2017-4917 affects VMware vSphere Data Protection (VDP) across 5.5.x, 5.8.x, 6.0.x and 6.1.x. The issue stems from VDP locally storing vCenter Server credentials using reversible encryption, which may allow an attacker to obtain plaintext credentials. This CVE is paired with CVE-2017-4914 (des...