Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities found for vsphere_data_protection by vmware
CVE-2018-11067 (GCVE-0-2018-11067)
Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-17 00:11
VLAI
Title
Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
Severity
No CVSS data available.
CWE
- Open Redirection Vulnerability
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2018/Nov/49 | mailing-listx_refsource_FULLDISC |
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/105969 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1042153 | vdb-entryx_refsource_SECTRACK |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|
| Dell EMC | Integrated Data Protection Appliance |
Affected:
2.0
Affected: 2.1 Affected: 2.2 |
Date Public
2018-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11067",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11067",
"datePublished": "2018-11-26T20:00:00.000Z",
"dateReserved": "2018-05-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:11:44.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11066 (GCVE-0-2018-11066)
Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:43
VLAI
Title
Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
Severity
No CVSS data available.
CWE
- Remote Code Execution Vulnerability
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105968 | vdb-entryx_refsource_BID |
| https://seclists.org/fulldisclosure/2018/Nov/49 | mailing-listx_refsource_FULLDISC |
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1042153 | vdb-entryx_refsource_SECTRACK |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|
| Dell EMC | Integrated Data Protection Appliance |
Affected:
2.0
Affected: 2.1 Affected: 2.2 |
Date Public
2018-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "105968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11066",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11066",
"datePublished": "2018-11-26T20:00:00.000Z",
"dateReserved": "2018-05-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:20.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11077 (GCVE-0-2018-11077)
Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:06
VLAI
Title
Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability
Summary
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
Severity
No CVSS data available.
CWE
- Command Injection Vulnerability
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| https://seclists.org/fulldisclosure/2018/Nov/51 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/105971 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1042153 | vdb-entryx_refsource_SECTRACK |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|
| Dell EMC | Integrated Data Protection Appliance |
Affected:
2.0
Affected: 2.1 Affected: 2.2 |
Date Public
2018-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11077",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11077",
"datePublished": "2018-11-26T20:00:00.000Z",
"dateReserved": "2018-05-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:06:58.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11076 (GCVE-0-2018-11076)
Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-16 20:32
VLAI
Title
Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability
Summary
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
Severity
No CVSS data available.
CWE
- Remote Code Execution Vulnerability
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2018/Nov/50 | mailing-listx_refsource_FULLDISC |
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/105972 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1042153 | vdb-entryx_refsource_SECTRACK |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 |
|
| Dell EMC | Integrated Data Protection Appliance |
Affected:
2.0
|
Date Public
2018-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"datePublic": "2018-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11076",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11076",
"datePublished": "2018-11-26T20:00:00.000Z",
"dateReserved": "2018-05-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:32:06.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4917 (GCVE-0-2017-4917)
Vulnerability from cvelistv5 – Published: 2017-06-07 17:00 – Updated: 2024-08-05 14:47
VLAI
Summary
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98936 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038617 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | vSphere Data Protection (VDP) |
Affected:
6.1.x
Affected: 6.0.x Affected: 5.8.x Affected: 5.5.x |
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:42.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98936",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98936"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vSphere Data Protection (VDP)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.1.x"
},
{
"status": "affected",
"version": "6.0.x"
},
{
"status": "affected",
"version": "5.8.x"
},
{
"status": "affected",
"version": "5.5.x"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "98936",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98936"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vSphere Data Protection (VDP)",
"version": {
"version_data": [
{
"version_value": "6.1.x"
},
{
"version_value": "6.0.x"
},
{
"version_value": "5.8.x"
},
{
"version_value": "5.5.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98936"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4917",
"datePublished": "2017-06-07T17:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:47:42.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4914 (GCVE-0-2017-4914)
Vulnerability from cvelistv5 – Published: 2017-06-07 17:00 – Updated: 2024-08-05 14:47
VLAI
Summary
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
Severity
No CVSS data available.
CWE
- Remote Command Execution
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98939 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/42152/ | exploitx_refsource_EXPLOIT-DB |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038617 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | vSphere Data Protection (VDP) |
Affected:
6.1.x
Affected: 6.0.x Affected: 5.8.x Affected: 5.5.x |
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98939"
},
{
"name": "42152",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42152/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vSphere Data Protection (VDP)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.1.x"
},
{
"status": "affected",
"version": "6.0.x"
},
{
"status": "affected",
"version": "5.8.x"
},
{
"status": "affected",
"version": "5.5.x"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "98939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98939"
},
{
"name": "42152",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42152/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vSphere Data Protection (VDP)",
"version": {
"version_data": [
{
"version_value": "6.1.x"
},
{
"version_value": "6.0.x"
},
{
"version_value": "5.8.x"
},
{
"version_value": "5.5.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98939"
},
{
"name": "42152",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42152/"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4914",
"datePublished": "2017-06-07T17:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:47:43.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7456 (GCVE-0-2016-7456)
Vulnerability from cvelistv5 – Published: 2016-12-29 09:02 – Updated: 2024-08-06 01:57
VLAI
Summary
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1037502 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/94990 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
Date Public
2016-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037502",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037502"
},
{
"name": "94990",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94990"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T21:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "1037502",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037502"
},
{
"name": "94990",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94990"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2016-7456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037502",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037502"
},
{
"name": "94990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94990"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2016-7456",
"datePublished": "2016-12-29T09:02:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4632 (GCVE-0-2014-4632)
Vulnerability from cvelistv5 – Published: 2015-02-01 02:00 – Updated: 2024-08-06 11:20
VLAI
Summary
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securitytracker.com/id/1031664 | vdb-entryx_refsource_SECTRACK |
Date Public
2015-01-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html"
},
{
"name": "20150130 ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html"
},
{
"name": "emc-vmware-cve20144632-sec-bypass(100866)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100866"
},
{
"name": "1031664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031664"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html"
},
{
"name": "20150130 ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html"
},
{
"name": "emc-vmware-cve20144632-sec-bypass(100866)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100866"
},
{
"name": "1031664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031664"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html"
},
{
"name": "20150130 ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html"
},
{
"name": "emc-vmware-cve20144632-sec-bypass(100866)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100866"
},
{
"name": "1031664",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031664"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-4632",
"datePublished": "2015-02-01T02:00:00.000Z",
"dateReserved": "2014-06-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:26.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11067 (GCVE-0-2018-11067)
Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-17 00:11
VLAI
Title
Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
Severity
No CVSS data available.
CWE
- Open Redirection Vulnerability
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2018/Nov/49 | mailing-listx_refsource_FULLDISC |
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/105969 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1042153 | vdb-entryx_refsource_SECTRACK |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|
| Dell EMC | Integrated Data Protection Appliance |
Affected:
2.0
Affected: 2.1 Affected: 2.2 |
Date Public
2018-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11067",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11067",
"datePublished": "2018-11-26T20:00:00.000Z",
"dateReserved": "2018-05-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:11:44.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11066 (GCVE-0-2018-11066)
Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:43
VLAI
Title
Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
Severity
No CVSS data available.
CWE
- Remote Code Execution Vulnerability
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105968 | vdb-entryx_refsource_BID |
| https://seclists.org/fulldisclosure/2018/Nov/49 | mailing-listx_refsource_FULLDISC |
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1042153 | vdb-entryx_refsource_SECTRACK |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|
| Dell EMC | Integrated Data Protection Appliance |
Affected:
2.0
Affected: 2.1 Affected: 2.2 |
Date Public
2018-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "105968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11066",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11066",
"datePublished": "2018-11-26T20:00:00.000Z",
"dateReserved": "2018-05-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:20.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11077 (GCVE-0-2018-11077)
Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:06
VLAI
Title
Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability
Summary
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
Severity
No CVSS data available.
CWE
- Command Injection Vulnerability
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| https://seclists.org/fulldisclosure/2018/Nov/51 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/105971 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1042153 | vdb-entryx_refsource_SECTRACK |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|
| Dell EMC | Integrated Data Protection Appliance |
Affected:
2.0
Affected: 2.1 Affected: 2.2 |
Date Public
2018-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11077",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11077",
"datePublished": "2018-11-26T20:00:00.000Z",
"dateReserved": "2018-05-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:06:58.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11076 (GCVE-0-2018-11076)
Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-16 20:32
VLAI
Title
Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability
Summary
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
Severity
No CVSS data available.
CWE
- Remote Code Execution Vulnerability
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2018/Nov/50 | mailing-listx_refsource_FULLDISC |
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/105972 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1042153 | vdb-entryx_refsource_SECTRACK |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 |
|
| Dell EMC | Integrated Data Protection Appliance |
Affected:
2.0
|
Date Public
2018-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"datePublic": "2018-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11076",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11076",
"datePublished": "2018-11-26T20:00:00.000Z",
"dateReserved": "2018-05-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:32:06.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4917 (GCVE-0-2017-4917)
Vulnerability from nvd – Published: 2017-06-07 17:00 – Updated: 2024-08-05 14:47
VLAI
Summary
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98936 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038617 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | vSphere Data Protection (VDP) |
Affected:
6.1.x
Affected: 6.0.x Affected: 5.8.x Affected: 5.5.x |
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:42.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98936",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98936"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vSphere Data Protection (VDP)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.1.x"
},
{
"status": "affected",
"version": "6.0.x"
},
{
"status": "affected",
"version": "5.8.x"
},
{
"status": "affected",
"version": "5.5.x"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "98936",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98936"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vSphere Data Protection (VDP)",
"version": {
"version_data": [
{
"version_value": "6.1.x"
},
{
"version_value": "6.0.x"
},
{
"version_value": "5.8.x"
},
{
"version_value": "5.5.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98936"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4917",
"datePublished": "2017-06-07T17:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:47:42.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4914 (GCVE-0-2017-4914)
Vulnerability from nvd – Published: 2017-06-07 17:00 – Updated: 2024-08-05 14:47
VLAI
Summary
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
Severity
No CVSS data available.
CWE
- Remote Command Execution
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98939 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/42152/ | exploitx_refsource_EXPLOIT-DB |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038617 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | vSphere Data Protection (VDP) |
Affected:
6.1.x
Affected: 6.0.x Affected: 5.8.x Affected: 5.5.x |
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98939"
},
{
"name": "42152",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42152/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vSphere Data Protection (VDP)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.1.x"
},
{
"status": "affected",
"version": "6.0.x"
},
{
"status": "affected",
"version": "5.8.x"
},
{
"status": "affected",
"version": "5.5.x"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "98939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98939"
},
{
"name": "42152",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42152/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vSphere Data Protection (VDP)",
"version": {
"version_data": [
{
"version_value": "6.1.x"
},
{
"version_value": "6.0.x"
},
{
"version_value": "5.8.x"
},
{
"version_value": "5.5.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98939"
},
{
"name": "42152",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42152/"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html"
},
{
"name": "1038617",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4914",
"datePublished": "2017-06-07T17:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:47:43.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7456 (GCVE-0-2016-7456)
Vulnerability from nvd – Published: 2016-12-29 09:02 – Updated: 2024-08-06 01:57
VLAI
Summary
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1037502 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/94990 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
Date Public
2016-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037502",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037502"
},
{
"name": "94990",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94990"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T21:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "1037502",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037502"
},
{
"name": "94990",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94990"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2016-7456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037502",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037502"
},
{
"name": "94990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94990"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2016-7456",
"datePublished": "2016-12-29T09:02:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4632 (GCVE-0-2014-4632)
Vulnerability from nvd – Published: 2015-02-01 02:00 – Updated: 2024-08-06 11:20
VLAI
Summary
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securitytracker.com/id/1031664 | vdb-entryx_refsource_SECTRACK |
Date Public
2015-01-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html"
},
{
"name": "20150130 ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html"
},
{
"name": "emc-vmware-cve20144632-sec-bypass(100866)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100866"
},
{
"name": "1031664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031664"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html"
},
{
"name": "20150130 ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html"
},
{
"name": "emc-vmware-cve20144632-sec-bypass(100866)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100866"
},
{
"name": "1031664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031664"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html"
},
{
"name": "20150130 ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html"
},
{
"name": "emc-vmware-cve20144632-sec-bypass(100866)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100866"
},
{
"name": "1031664",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031664"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-4632",
"datePublished": "2015-02-01T02:00:00.000Z",
"dateReserved": "2014-06-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:26.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}