Vulnerabilities related to vmware - vsphere_data_protection
CVE-2018-11076 (GCVE-0-2018-11076)
Vulnerability from cvelistv5
Published
2018-11-26 20:00
Modified
2024-09-16 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
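- Remote Code Execution Vulnerability (problem type as recorded in the CNA record; the summary and the record title describe an information exposure issue)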
Summary
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
References
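URL | Tags
---|---
https://seclists.org/fulldisclosure/2018/Nov/50 | mailing-list, x_refsource_FULLDISC
https://www.vmware.com/security/advisories/VMSA-2018-0029.html | x_refsource_CONFIRM
http://www.securityfocus.com/bid/105972 | vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1042153 | vdb-entry, x_refsource_SECTRACK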
Impacted products
Vendor | Product | Version
---|---|---
Dell EMC | Avamar | 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1
Dell EMC | Integrated Data Protection Appliance | 2.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:36.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/50" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105972", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105972" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042153" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.3.0" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.4.0" }, { "status": "affected", "version": "7.4.1" } ] }, { "product": "Integrated Data Protection Appliance", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "2.0" } ] } ], "datePublic": "2018-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-27T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/50" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105972", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105972" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042153" } ], "source": { "discovery": "UNKNOWN" }, "title": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", "ID": "CVE-2018-11076", "STATE": "PUBLIC", "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "7.2.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.2.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.1" } ] } }, { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "affected": "=", "version_affected": "=", 
"version_value": "2.0" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Nov/50" }, { "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105972", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105972" }, { "name": "1042153", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042153" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11076", "datePublished": "2018-11-26T20:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-16T20:32:06.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-4917 (GCVE-0-2017-4917)
Vulnerability from cvelistv5
Published
2017-06-07 17:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
References
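URL | Tags
---|---
http://www.securityfocus.com/bid/98936 | vdb-entry, x_refsource_BID
http://www.vmware.com/security/advisories/VMSA-2017-0010.html | x_refsource_CONFIRM
http://www.securitytracker.com/id/1038617 | vdb-entry, x_refsource_SECTRACK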
Impacted products
Vendor | Product | Version
---|---|---
VMware | vSphere Data Protection (VDP) | 6.1.x, 6.0.x, 5.8.x, 5.5.x
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:42.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98936", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98936" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html" }, { "name": "1038617", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038617" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vSphere Data Protection (VDP)", "vendor": "VMware", "versions": [ { "status": "affected", "version": "6.1.x" }, { "status": "affected", "version": "6.0.x" }, { "status": "affected", "version": "5.8.x" }, { "status": "affected", "version": "5.5.x" } ] } ], "datePublic": "2017-06-06T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "98936", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98936" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html" }, { "name": "1038617", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038617" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4917", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "vSphere Data Protection (VDP)", "version": { "version_data": [ { "version_value": "6.1.x" }, { "version_value": "6.0.x" }, { "version_value": "5.8.x" }, { "version_value": "5.5.x" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "98936", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98936" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html" }, { "name": "1038617", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038617" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4917", "datePublished": "2017-06-07T17:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:47:42.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-4914 (GCVE-0-2017-4914)
Vulnerability from cvelistv5
Published
2017-06-07 17:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Command Execution
Summary
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
References
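URL | Tags
---|---
http://www.securityfocus.com/bid/98939 | vdb-entry, x_refsource_BID
https://www.exploit-db.com/exploits/42152/ | exploit, x_refsource_EXPLOIT-DB
http://www.vmware.com/security/advisories/VMSA-2017-0010.html | x_refsource_CONFIRM
http://www.securitytracker.com/id/1038617 | vdb-entry, x_refsource_SECTRACK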
Impacted products
Vendor | Product | Version
---|---|---
VMware | vSphere Data Protection (VDP) | 6.1.x, 6.0.x, 5.8.x, 5.5.x
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:43.209Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98939", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98939" }, { "name": "42152", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/42152/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html" }, { "name": "1038617", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038617" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vSphere Data Protection (VDP)", "vendor": "VMware", "versions": [ { "status": "affected", "version": "6.1.x" }, { "status": "affected", "version": "6.0.x" }, { "status": "affected", "version": "5.8.x" }, { "status": "affected", "version": "5.5.x" } ] } ], "datePublic": "2017-06-06T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Remote Command Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-12T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "98939", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98939" }, { "name": "42152", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/42152/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html" }, { "name": "1038617", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038617" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4914", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "vSphere Data Protection (VDP)", "version": { "version_data": [ { "version_value": "6.1.x" }, { "version_value": "6.0.x" }, { "version_value": "5.8.x" }, { "version_value": "5.5.x" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Command Execution" } ] } ] }, "references": { "reference_data": [ { "name": "98939", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98939" }, { "name": "42152", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42152/" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html" }, { "name": "1038617", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038617" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4914", "datePublished": "2017-06-07T17:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:47:43.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-7456 (GCVE-0-2016-7456)
Vulnerability from cvelistv5
Published
2016-12-29 09:02
Modified
2024-08-06 01:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware vSphere Data Protection (VDP) 5.5.x through 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
References
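URL | Tags
---|---
http://www.securitytracker.com/id/1037502 | vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/94990 | vdb-entry, x_refsource_BID
http://www.vmware.com/security/advisories/VMSA-2016-0024.html | x_refsource_CONFIRM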
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:57:47.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037502", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037502" }, { "name": "94990", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94990" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T21:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "1037502", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037502" }, { "name": "94990", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94990" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "ID": "CVE-2016-7456", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1037502", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037502" }, { "name": "94990", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94990" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2016-7456", "datePublished": "2016-12-29T09:02:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-11067 (GCVE-0-2018-11067)
Vulnerability from cvelistv5
Published
2018-11-26 20:00
Modified
2024-09-17 00:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Open Redirection Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
References
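URL | Tags
---|---
https://seclists.org/fulldisclosure/2018/Nov/49 | mailing-list, x_refsource_FULLDISC
https://www.vmware.com/security/advisories/VMSA-2018-0029.html | x_refsource_CONFIRM
http://www.securityfocus.com/bid/105969 | vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1042153 | vdb-entry, x_refsource_SECTRACK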
Impacted products
Vendor | Product | Version
---|---|---
Dell EMC | Avamar | 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1
Dell EMC | Integrated Data Protection Appliance | 2.0, 2.1, 2.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:36.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105969", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105969" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042153" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.3.0" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.4.0" }, { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "18.1" } ] }, { "product": "Integrated Data Protection Appliance", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "2.0" }, { "status": "affected", "version": "2.1" }, { "status": "affected", "version": "2.2" } ] } ], "datePublic": "2018-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. 
A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites." } ], "problemTypes": [ { "descriptions": [ { "description": "Open Redirection Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-27T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105969", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105969" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042153" } ], "source": { "discovery": "UNKNOWN" }, "title": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", "ID": "CVE-2018-11067", "STATE": "PUBLIC", "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "7.2.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.2.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.1" }, { "affected": "=", 
"version_affected": "=", "version_value": "7.4.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.1" }, { "version_value": "7.5.0" }, { "version_value": "7.5.1" }, { "version_value": "18.1" } ] } }, { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "2.0" }, { "affected": "=", "version_affected": "=", "version_value": "2.1" }, { "affected": "=", "version_affected": "=", "version_value": "2.2" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Open Redirection Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105969", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105969" }, { "name": "1042153", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042153" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11067", "datePublished": "2018-11-26T20:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-17T00:11:44.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-4632 (GCVE-0-2014-4632)
Vulnerability from cvelistv5
Published
2015-02-01 02:00
Modified
2024-08-06 11:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.
References
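URL | Tags
---|---
http://www.vmware.com/security/advisories/VMSA-2015-0002.html | x_refsource_CONFIRM
http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html | mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/100866 | vdb-entry, x_refsource_XF
http://www.securitytracker.com/id/1031664 | vdb-entry, x_refsource_SECTRACK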
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:20:26.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html" }, { "name": "20150130 ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html" }, { "name": "emc-vmware-cve20144632-sec-bypass(100866)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100866" }, { "name": "1031664", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031664" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-29T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html" }, { "name": "20150130 ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html" }, { "name": "emc-vmware-cve20144632-sec-bypass(100866)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100866" }, { "name": "1031664", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031664" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "ID": "CVE-2014-4632", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html" }, { "name": "20150130 ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html" }, { "name": "emc-vmware-cve20144632-sec-bypass(100866)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100866" }, { "name": "1031664", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031664" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2014-4632", "datePublished": "2015-02-01T02:00:00", "dateReserved": "2014-06-24T00:00:00", "dateUpdated": "2024-08-06T11:20:26.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-11066 (GCVE-0-2018-11066)
Vulnerability from cvelistv5
Published
2018-11-26 20:00
Modified
2024-09-17 03:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
References
Impacted products
Vendor | Product | Version
---|---|---
Dell EMC | Avamar | 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1
Dell EMC | Integrated Data Protection Appliance | 2.0, 2.1, 2.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:36.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105968", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105968" }, { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042153" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.3.0" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.4.0" }, { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "18.1" } ] }, { "product": "Integrated Data Protection Appliance", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "2.0" }, { "status": "affected", "version": "2.1" }, { "status": "affected", "version": "2.2" } ] } ], "datePublic": "2018-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. 
A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-27T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "name": "105968", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105968" }, { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042153" } ], "source": { "discovery": "UNKNOWN" }, "title": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", "ID": "CVE-2018-11066", "STATE": "PUBLIC", "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "7.2.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.2.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.1" }, { "version_value": "7.5.0" }, { "version_value": "7.5.1" }, { 
"version_value": "18.1" } ] } }, { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "2.0" }, { "affected": "=", "version_affected": "=", "version_value": "2.1" }, { "affected": "=", "version_affected": "=", "version_value": "2.2" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "105968", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105968" }, { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "1042153", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042153" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11066", "datePublished": "2018-11-26T20:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-17T03:43:20.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-11077 (GCVE-0-2018-11077)
Vulnerability from cvelistv5
Published
2018-11-26 20:00
Modified
2024-09-17 03:06
CWE
- Command Injection Vulnerability (free-text problem type supplied by the CNA; the record assigns no CWE ID)
Summary
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
References
Impacted products
Vendor | Product | Version
---|---|---
Dell EMC | Avamar | 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1
Dell EMC | Integrated Data Protection Appliance | 2.0, 2.1, 2.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:36.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/51" }, { "name": "105971", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105971" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042153" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.3.0" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.4.0" }, { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "18.1" } ] }, { "product": "Integrated Data Protection Appliance", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "2.0" }, { "status": "affected", "version": "2.1" }, { "status": "affected", "version": "2.2" } ] } ], "datePublic": "2018-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. 
A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." } ], "problemTypes": [ { "descriptions": [ { "description": "Command Injection Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-27T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/51" }, { "name": "105971", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105971" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042153" } ], "source": { "discovery": "UNKNOWN" }, "title": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", "ID": "CVE-2018-11077", "STATE": "PUBLIC", "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "7.2.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.2.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.1" }, { "version_value": "7.5.0" }, { 
"version_value": "7.5.1" }, { "version_value": "18.1" } ] } }, { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "2.0" }, { "affected": "=", "version_affected": "=", "version_value": "2.1" }, { "affected": "=", "version_affected": "=", "version_value": "2.2" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Command Injection Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Nov/51" }, { "name": "105971", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105971" }, { "name": "1042153", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042153" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11077", "datePublished": "2018-11-26T20:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-17T03:06:58.660Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-4632
Vulnerability from fkie_nvd
Published
2015-02-01 02:59
Modified
2025-04-12 10:46
Severity: 4.3 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N; source nvd@nist.gov)
Summary
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vsphere_data_protection | 5.1 | |
vmware | vsphere_data_protection | 5.5.1 | |
vmware | vsphere_data_protection | 5.5.6 | |
vmware | vsphere_data_protection | 5.5.7 | |
vmware | vsphere_data_protection | 5.5.8 | |
vmware | vsphere_data_protection | 5.8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "58B60812-00CA-42CA-8714-EE8D9C88D939", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC2725FD-0BEF-442B-A2D6-83C1BF3644E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A8679C1-4ACA-4E6C-90FC-C906C6E70AA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "43F7F343-0BC4-4142-8FEF-3F52A1AD6EEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "5455D69B-3439-4345-956F-EB7F80D8AFED", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "333C262E-9FB0-4A7B-8269-D58FA1371679", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate." 
}, { "lang": "es", "value": "vSphere Data Protection (VDP) versi\u00f3n 5.1, versiones 5.5 anteriores a 5.5.9 y versiones 5.8 anteriores a 5.8.1 de VMware y el cliente proxy en Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) versiones 6.x y 7.0.x de EMC, no comprueba apropiadamente los certificados X.509 de los servidores SSL de vCenter Server, lo que permite atacantes de tipo man-in-the-middle falsificar servidores, y omitir las restricciones de acceso de copia de seguridad y restauraci\u00f3n previstas, por medio de un certificado dise\u00f1ado." } ], "id": "CVE-2014-4632", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-02-01T02:59:00.050", "references": [ { "source": "security_alert@emc.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html" }, { "source": "security_alert@emc.com", "url": "http://www.securitytracker.com/id/1031664" }, { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html" }, { "source": "security_alert@emc.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031664" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100866" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2017-4917
Vulnerability from fkie_nvd
Published
2017-06-07 17:29
Modified
2025-04-20 01:37
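Severity: 9.8 CRITICAL (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); 5.0 MEDIUM (CVSS v2.0, AV:N/AC:L/Au:N/C:P/I:N/A:N); source nvd@nist.gov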
Summary
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
References
▶ | URL | Tags | |
---|---|---|---|
security@vmware.com | http://www.securityfocus.com/bid/98936 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.securitytracker.com/id/1038617 | ||
security@vmware.com | http://www.vmware.com/security/advisories/VMSA-2017-0010.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98936 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038617 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2017-0010.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vsphere_data_protection | 5.5.5 | |
vmware | vsphere_data_protection | 5.5.6 | |
vmware | vsphere_data_protection | 5.5.7 | |
vmware | vsphere_data_protection | 5.5.8 | |
vmware | vsphere_data_protection | 5.5.9 | |
vmware | vsphere_data_protection | 5.5.10 | |
vmware | vsphere_data_protection | 5.5.11 | |
vmware | vsphere_data_protection | 5.8.0 | |
vmware | vsphere_data_protection | 5.8.1 | |
vmware | vsphere_data_protection | 5.8.2 | |
vmware | vsphere_data_protection | 5.8.3 | |
vmware | vsphere_data_protection | 5.8.4 | |
vmware | vsphere_data_protection | 6.0.0 | |
vmware | vsphere_data_protection | 6.0.1 | |
vmware | vsphere_data_protection | 6.0.2 | |
vmware | vsphere_data_protection | 6.0.3 | |
vmware | vsphere_data_protection | 6.0.4 | |
vmware | vsphere_data_protection | 6.1.0 | |
vmware | vsphere_data_protection | 6.1.1 | |
vmware | vsphere_data_protection | 6.1.2 | |
vmware | vsphere_data_protection | 6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "785AF64D-7D94-49C2-9590-54C709736136", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A8679C1-4ACA-4E6C-90FC-C906C6E70AA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "43F7F343-0BC4-4142-8FEF-3F52A1AD6EEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "5455D69B-3439-4345-956F-EB7F80D8AFED", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "E49E8B4D-B20A-42F5-BDAF-A53459E980BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "2ABC25F6-3793-475A-A4AA-B52CA0B6AFC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "AE870CC9-2B3B-4C80-AB92-A0F1CB869BA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "333C262E-9FB0-4A7B-8269-D58FA1371679", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCB9A697-E4F7-4A8E-BFCC-ACC33EEFF33C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2438674B-8D7C-433A-A7F1-E97A546DC3D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "05828BD4-C209-4278-80DF-632274B2ECBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "59A07628-0466-4E91-B016-4C6B311C479E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained." }, { "lang": "es", "value": "vSphere Data Protection (VDP) versiones 6.1.x, 6.0.x, 5.8.x y 5.5.x de Vmware, almacena localmente las credenciales del Servidor vCenter utilizando un cifrado reversible. 
Este problema puede permitir que credenciales de texto plano puedan ser obtenidas ." } ], "id": "CVE-2017-4917", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-07T17:29:00.897", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98936" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038617" }, { "source": "security@vmware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], 
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2016-7456
Vulnerability from fkie_nvd
Published
2016-12-29 09:59
Modified
2025-04-12 10:46
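Severity: 9.8 CRITICAL (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); 10.0 HIGH (CVSS v2.0, AV:N/AC:L/Au:N/C:C/I:C/A:C); source nvd@nist.gov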
Summary
VMware vSphere Data Protection (VDP) 5.5.x through 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
References
▶ | URL | Tags | |
---|---|---|---|
security@vmware.com | http://www.securityfocus.com/bid/94990 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.securitytracker.com/id/1037502 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.vmware.com/security/advisories/VMSA-2016-0024.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94990 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037502 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2016-0024.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vsphere_data_protection | 5.5.1 | |
vmware | vsphere_data_protection | 5.5.5 | |
vmware | vsphere_data_protection | 5.5.6 | |
vmware | vsphere_data_protection | 5.5.7 | |
vmware | vsphere_data_protection | 5.5.8 | |
vmware | vsphere_data_protection | 5.5.9 | |
vmware | vsphere_data_protection | 5.5.10 | |
vmware | vsphere_data_protection | 5.5.11 | |
vmware | vsphere_data_protection | 5.8.0 | |
vmware | vsphere_data_protection | 5.8.1 | |
vmware | vsphere_data_protection | 5.8.2 | |
vmware | vsphere_data_protection | 5.8.3 | |
vmware | vsphere_data_protection | 5.8.4 | |
vmware | vsphere_data_protection | 6.0.0 | |
vmware | vsphere_data_protection | 6.0.1 | |
vmware | vsphere_data_protection | 6.0.2 | |
vmware | vsphere_data_protection | 6.0.3 | |
vmware | vsphere_data_protection | 6.0.4 | |
vmware | vsphere_data_protection | 6.1.0 | |
vmware | vsphere_data_protection | 6.1.1 | |
vmware | vsphere_data_protection | 6.1.2 | |
vmware | vsphere_data_protection | 6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC2725FD-0BEF-442B-A2D6-83C1BF3644E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "785AF64D-7D94-49C2-9590-54C709736136", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A8679C1-4ACA-4E6C-90FC-C906C6E70AA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "43F7F343-0BC4-4142-8FEF-3F52A1AD6EEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "5455D69B-3439-4345-956F-EB7F80D8AFED", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "E49E8B4D-B20A-42F5-BDAF-A53459E980BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "2ABC25F6-3793-475A-A4AA-B52CA0B6AFC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "AE870CC9-2B3B-4C80-AB92-A0F1CB869BA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "333C262E-9FB0-4A7B-8269-D58FA1371679", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCB9A697-E4F7-4A8E-BFCC-ACC33EEFF33C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2438674B-8D7C-433A-A7F1-E97A546DC3D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "05828BD4-C209-4278-80DF-632274B2ECBD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:vmware:vsphere_data_protection:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "59A07628-0466-4E91-B016-4C6B311C479E", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session." 
}, { "lang": "es", "value": "VMware vSphere Data Protection (VDP) 5.5.x hasta la versi\u00f3n 6.1.x tiene una clave privada SSH con una contrase\u00f1a p\u00fablicamente conocida, lo que hace m\u00e1s f\u00e1cil a atacantes remotos obtener acceso de inicio de sesi\u00f3n a trav\u00e9s de una sesi\u00f3n SSH." } ], "id": "CVE-2016-7456", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-29T09:59:00.540", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94990" }, { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037502" }, { "source": "security@vmware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0024.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-07 17:29
Modified
2025-04-20 01:37
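Severity: 9.8 (CRITICAL), CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; CVSS v2: 7.5 (HIGH), AV:N/AC:L/Au:N/C:P/I:P/A:P (NVD primary scores)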
Summary
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | vsphere_data_protection | 5.5.1 | |
vmware | vsphere_data_protection | 5.5.5 | |
vmware | vsphere_data_protection | 5.5.6 | |
vmware | vsphere_data_protection | 5.5.7 | |
vmware | vsphere_data_protection | 5.5.8 | |
vmware | vsphere_data_protection | 5.5.9 | |
vmware | vsphere_data_protection | 5.5.10 | |
vmware | vsphere_data_protection | 5.5.11 | |
vmware | vsphere_data_protection | 5.8.0 | |
vmware | vsphere_data_protection | 5.8.1 | |
vmware | vsphere_data_protection | 5.8.2 | |
vmware | vsphere_data_protection | 5.8.3 | |
vmware | vsphere_data_protection | 5.8.4 | |
vmware | vsphere_data_protection | 6.0.0 | |
vmware | vsphere_data_protection | 6.0.1 | |
vmware | vsphere_data_protection | 6.0.2 | |
vmware | vsphere_data_protection | 6.0.3 | |
vmware | vsphere_data_protection | 6.0.4 | |
vmware | vsphere_data_protection | 6.1.0 | |
vmware | vsphere_data_protection | 6.1.1 | |
vmware | vsphere_data_protection | 6.1.2 | |
vmware | vsphere_data_protection | 6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC2725FD-0BEF-442B-A2D6-83C1BF3644E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "785AF64D-7D94-49C2-9590-54C709736136", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A8679C1-4ACA-4E6C-90FC-C906C6E70AA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "43F7F343-0BC4-4142-8FEF-3F52A1AD6EEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "5455D69B-3439-4345-956F-EB7F80D8AFED", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "E49E8B4D-B20A-42F5-BDAF-A53459E980BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "2ABC25F6-3793-475A-A4AA-B52CA0B6AFC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "AE870CC9-2B3B-4C80-AB92-A0F1CB869BA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "333C262E-9FB0-4A7B-8269-D58FA1371679", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCB9A697-E4F7-4A8E-BFCC-ACC33EEFF33C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2438674B-8D7C-433A-A7F1-E97A546DC3D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "05828BD4-C209-4278-80DF-632274B2ECBD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:vmware:vsphere_data_protection:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "59A07628-0466-4E91-B016-4C6B311C479E", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance." 
}, { "lang": "es", "value": "VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, y 5.5.x contiene un problema de deserializaci\u00f3n que permitir\u00eda a un atacante remoto ejecutar comandos en el aparato." } ], "id": "CVE-2017-4914", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-07T17:29:00.867", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98939" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038617" }, { "source": "security@vmware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html" }, { "source": "security@vmware.com", "url": "https://www.exploit-db.com/exploits/42152/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securityfocus.com/bid/98939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/42152/" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-26 20:29
Modified
2024-11-21 03:42
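Severity: 6.5 (MEDIUM), CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; CVSS v2: 3.3 (LOW), AV:A/AC:L/Au:N/C:P/I:N/A:N (NVD primary scores)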
Summary
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
References
Source | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://www.securityfocus.com/bid/105972 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Nov/50 | Mailing List, Third Party Advisory | |
security_alert@emc.com | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105972 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Nov/50 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_avamar | 7.2.0 | |
dell | emc_avamar | 7.2.1 | |
dell | emc_avamar | 7.3.0 | |
dell | emc_avamar | 7.3.1 | |
dell | emc_avamar | 7.4.0 | |
dell | emc_avamar | 7.4.1 | |
dell | emc_integrated_data_protection_appliance | 2.0 | |
vmware | vsphere_data_protection | 6.0.0 | |
vmware | vsphere_data_protection | 6.0.1 | |
vmware | vsphere_data_protection | 6.0.2 | |
vmware | vsphere_data_protection | 6.0.3 | |
vmware | vsphere_data_protection | 6.0.4 | |
vmware | vsphere_data_protection | 6.0.5 | |
vmware | vsphere_data_protection | 6.0.6 | |
vmware | vsphere_data_protection | 6.0.7 | |
vmware | vsphere_data_protection | 6.0.8 | |
vmware | vsphere_data_protection | 6.1.0 | |
vmware | vsphere_data_protection | 6.1.1 | |
vmware | vsphere_data_protection | 6.1.2 | |
vmware | vsphere_data_protection | 6.1.3 | |
vmware | vsphere_data_protection | 6.1.4 | |
vmware | vsphere_data_protection | 6.1.5 | |
vmware | vsphere_data_protection | 6.1.6 | |
vmware | vsphere_data_protection | 6.1.7 | |
vmware | vsphere_data_protection | 6.1.8 | |
vmware | vsphere_data_protection | 6.1.9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"D006B093-4DEB-4911-995C-744B3189D46D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users." }, { "lang": "es", "value": "Las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 y 7.4.1 de Dell EMC Avamar Server y la 2.0 de Dell EMC Integrated Data Protection Appliance (IDPA) se ven afectadas por una vulnerabilidad de exposici\u00f3n de informaci\u00f3n. La clave privada \"SSL/TLS\" de la consola de gesti\u00f3n de Avamar Java podr\u00eda divulgarse en el paquete del cliente de gesti\u00f3n del mismo. Esta clave privada podr\u00eda ser usada por un atacante no autenticado en la misma capa data-link para iniciar un ataque Man-in-the-Middle (MitM) contra los usuarios de la consola de gesti\u00f3n." 
} ], "id": "CVE-2018-11076", "lastModified": "2024-11-21T03:42:37.883", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-26T20:29:00.357", "references": [ { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105972" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/50" }, { "source": "security_alert@emc.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/50" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-26 20:29
Modified
2024-11-21 03:42
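Severity: 6.1 (MEDIUM), CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2: 5.8 (MEDIUM), AV:N/AC:M/Au:N/C:P/I:P/A:N (NVD primary scores)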
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
References
Source | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://www.securityfocus.com/bid/105969 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List, Third Party Advisory | |
security_alert@emc.com | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105969 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites." }, { "lang": "es", "value": "Dell EMC Avamar Client Manager, en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) tienen una vulnerabilidad de redirecci\u00f3n abierta. 
Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para redirigir los usuarios de la aplicaci\u00f3n a URL de p\u00e1ginas web arbitrarias, enga\u00f1\u00e1ndolos para que hagan clic en enlaces maliciosamente manipulados. Se podr\u00eda usar esta vulnerabilidad para realizar ataques de phishing que provoquen que los usuarios visiten sitios web maliciosos sin querer." } ], "id": "CVE-2018-11067", "lastModified": "2024-11-21T03:42:36.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-26T20:29:00.297", "references": [ { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105969" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://seclists.org/fulldisclosure/2018/Nov/49" }, { "source": "security_alert@emc.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105969" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-26 20:29
Modified
2024-11-21 03:42
Severity ?
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
References
Source | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://www.securityfocus.com/bid/105968 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List, Third Party Advisory | |
security_alert@emc.com | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105968 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server." }, { "lang": "es", "value": "Dell EMC Avamar Client Manager, en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) tienen una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el servidor." 
} ], "id": "CVE-2018-11066", "lastModified": "2024-11-21T03:42:36.627", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-26T20:29:00.247", "references": [ { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105968" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "source": "security_alert@emc.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-26 20:29
Modified
2024-11-21 03:42
Severity
6.7 (MEDIUM) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
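'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege. Note: the description names only the Dell EMC products, but the configuration data for this record also marks VMware vSphere Data Protection 6.0.0 through 6.0.8 and 6.1.0 through 6.1.9 as vulnerable; the VMware advisory VMSA-2018-0029 listed in the references is tagged as the patch source, so asset inventories should be matched against the CPE list rather than the description alone.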
References
Source | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://www.securityfocus.com/bid/105971 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Nov/51 | Mailing List, Third Party Advisory | |
security_alert@emc.com | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105971 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Nov/51 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." }, { "lang": "es", "value": "La utilidad \"getlogs\" en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) se ven afectadas por una vulnerabilidad de inyecci\u00f3n de comandos en el sistema operativo. Un usuario \"Avamar admin\" malicioso podr\u00eda ejecutar comandos arbitrarios bajo el privilegio root." 
} ], "id": "CVE-2018-11077", "lastModified": "2024-11-21T03:42:38.010", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-26T20:29:00.420", "references": [ { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105971" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/51" }, { "source": "security_alert@emc.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third 
Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }