Lucene search
K
VmwareVsphere Data Protection

8 matches found

CVE
CVE
added 2016/12/29 9:2 a.m.74 views

CVE-2016-7456

Affected product/versions: VMware vSphere Data Protection appliances 5.5.x through 6.1.x. Vulnerability cause: SSH private key used by the local admin (sudoer) has a publicly known password, enabling key-based SSH access. Impact: Remote attacker could gain login access via SSH, potentially compro...

10CVSS9.1AI score0.32789EPSS
CVE
CVE
added 2018/11/26 8:0 p.m.67 views

CVE-2018-11066

Summary of CVE-2018-11066 : Dell EMC Avamar / IDPA products are affected by a remote code execution vulnerability. The issue affects Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, ...

10CVSS10AI score0.09906EPSS
CVE
CVE
added 2017/06/07 5:0 p.m.64 views

CVE-2017-4914

CVE-2017-4914 affects VMware vSphere Data Protection (VDP) 5.5.x, 5.8.x, 6.0.x, and 6.1.x. The root cause is Java deserialization leading to arbitrary code execution on the appliance when processing crafted input (remote attacker). In the OpenVAS/Nessus entries, this is described as multiple vuln...

9.8CVSS9.5AI score0.08833EPSS
CVE
CVE
added 2018/11/26 8:0 p.m.63 views

CVE-2018-11067

CVE-2018-11067 is an open redirection vulnerability affecting Dell EMC Avamar Client Manager in Avamar Server (versions 7.2.x–18.1) and IDPA 2.0–2.2. An unauthenticated remote attacker could lure users to arbitrary URLs via crafted links, enabling phishing. Public records also document VMware vSp...

6.1CVSS7.7AI score0.01811EPSS
CVE
CVE
added 2018/11/26 8:0 p.m.63 views

CVE-2018-11076

CVE-2018-11076 is disclosed in VMware vSphere Data Protection (VDP). The issue is a command-injection vulnerability in the getlogs troubleshooting utility that could let an authenticated admin execute arbitrary commands as root. Affected products/versions: VDP 6.0.x (before 6.0.9) and 6.1.x (befo...

6.5CVSS7AI score0.00834EPSS
CVE
CVE
added 2018/11/26 8:0 p.m.60 views

CVE-2018-11077

CVE-2018-11077 is the information-exposure aspect of the Dell EMC Avamar/IDPA command-injection issue tracked in VDP advisories. The connected VMware VMSA-2018-0029 confirms a separate command-injection flaw in the getlogs utility that can lead to root-level command execution when an authenticate...

7.2CVSS7.8AI score0.01005EPSS
CVE
CVE
added 2015/02/01 2:0 a.m.57 views

CVE-2014-4632

Affected products: VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1; also the EMC Avamar proxy client components (ADS/AVE) 6.x and 7.0.x. Root cause: SSL certificate validation is insufficient; VDP and Avamar proxy fail to properly verify X.509 certificates from vC...

4.3CVSS6.2AI score0.0062EPSS
CVE
CVE
added 2017/06/07 5:0 p.m.52 views

CVE-2017-4917

CVE-2017-4917 affects VMware vSphere Data Protection (VDP) across 5.5.x, 5.8.x, 6.0.x and 6.1.x. The issue stems from VDP locally storing vCenter Server credentials using reversible encryption, which may allow an attacker to obtain plaintext credentials. This CVE is paired with CVE-2017-4914 (des...

9.8CVSS9.2AI score0.00648EPSS