Skip to main content

Vsphere Data Protection

8 CVEs product

Monthly

CVE-2018-11077 MEDIUM PATCH This Month

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Command Injection Emc Avamar Emc Integrated Data Protection Appliance Vsphere Data Protection
NVD
CVSS 3.0
6.7
EPSS
1.0%
CVE-2018-11076 MEDIUM PATCH This Month

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Java Dell Information Disclosure Emc Avamar Emc Integrated Data Protection Appliance +1
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-11067 MEDIUM PATCH This Month

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Dell Open Redirect Emc Avamar Emc Integrated Data Protection Appliance Vsphere Data Protection
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-11066 CRITICAL PATCH Act Now

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell RCE Emc Avamar Emc Integrated Data Protection Appliance Vsphere Data Protection
NVD
CVSS 3.0
9.8
EPSS
9.9%
CVE-2017-4917 CRITICAL PATCH Act Now

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Information Disclosure Vsphere Data Protection
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-4914 CRITICAL POC PATCH THREAT Act Now

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Deserialization VMware Vsphere Data Protection
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
13.3%
CVE-2016-7456 CRITICAL POC THREAT Emergency

VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.1%.

VMware Authentication Bypass Vsphere Data Protection
NVD
CVSS 3.0
9.8
EPSS
82.1%
Threat
5.9
CVE-2014-4632 MEDIUM This Month

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Authentication Bypass Vsphere Data Protection
NVD
CVSS 2.0
4.3
EPSS
0.1%
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Command Injection Emc Avamar +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Java Dell Information Disclosure +3
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Dell Open Redirect Emc Avamar +2
NVD
EPSS 10% CVSS 9.8
CRITICAL PATCH Act Now

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell RCE Emc Avamar +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Information Disclosure Vsphere Data Protection
NVD
EPSS 13% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Deserialization VMware Vsphere Data Protection
NVD Exploit-DB
EPSS 82% 5.9 CVSS 9.8
CRITICAL POC THREAT Emergency

VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.1%.

VMware Authentication Bypass Vsphere Data Protection
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Authentication Bypass Vsphere Data Protection
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy