Vulnerabilities > CVE-2018-11076
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
Vulnerable Configurations
Nessus
| NASL family | Misc. |
| NASL id | VMWARE_VSPHERE_DATA_PROTECTION_VMSA-2018-0029.NASL |
| description | The version of VMware vSphere Data Protection installed on the remote host is 6.0.x < 6.0.9 and 6.1.x < 6.1.10. It is, therefore, affected by the following vulnerabilities: - A remote command execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2018-11066) - An open redirection vulnerability. An unauthenticated, remote attacker can exploit this to redirect application users to arbitrary, potentially malicious, web URLs. (CVE-2018-11067) - A command injection vulnerability exists in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 119304 |
| published | 2018-11-30 |
| reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/119304 |
| title | VMware vSphere Data Protection 6.0.x < 6.0.9 / 6.1.x < 6.1.10 Multiple Vulnerabilities (VMSA-2018-0029) |