CVE-2014-4632
First published: Sun Feb 01 2015(Updated: )
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware vSphere Data Protection | =5.1 | |
| VMware vSphere Data Protection | =5.5.1 | |
| VMware vSphere Data Protection | =5.5.6 | |
| VMware vSphere Data Protection | =5.5.7 | |
| VMware vSphere Data Protection | =5.5.8 | |
| VMware vSphere Data Protection | =5.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware vsphere data protection
- version/vmware vsphere data protection/5.1
- version/vmware vsphere data protection/5.5.1
- version/vmware vsphere data protection/5.5.6
- version/vmware vsphere data protection/5.5.7
- version/vmware vsphere data protection/5.5.8
- version/vmware vsphere data protection/5.8.0