VYPR

Vsphere Data Protection

by VMware

CVEs (4)

  • CVE-2016-7456CriDec 29, 2016
    risk 0.69cvss 9.8epss 0.33

    VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.

  • CVE-2017-4914CriJun 7, 2017
    risk 0.67cvss 9.8epss 0.09

    VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.

  • CVE-2017-4917CriJun 7, 2017
    risk 0.64cvss 9.8epss 0.01

    VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.

  • CVE-2014-4632Feb 1, 2015
    risk 0.00cvss epss 0.01

    VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows…