Vulnerabilities > Vmware > Vsphere Data Protection

DATE CVE VULNERABILITY TITLE RISK
2018-11-26 CVE-2018-11077 OS Command Injection vulnerability in multiple products
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability.
local
low complexity
dell vmware CWE-78
6.7
6.7
2018-11-26 CVE-2018-11076 Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability.
low complexity
dell vmware
6.5
6.5
2018-11-26 CVE-2018-11067 Open Redirect vulnerability in multiple products
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability.
network
low complexity
dell vmware CWE-601
6.1
6.1
2018-11-26 CVE-2018-11066 Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability.
network
low complexity
dell vmware
critical
 9.8
9.8
2017-06-07 CVE-2017-4917 Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMWare Vsphere Data Protection
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption.
network
low complexity
vmware CWE-327
critical
 9.8
9.8
2017-06-07 CVE-2017-4914 Deserialization of Untrusted Data vulnerability in VMWare Vsphere Data Protection
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue.
network
low complexity
vmware CWE-502
critical
 9.8
9.8
2016-12-29 CVE-2016-7456 Credentials Management vulnerability in VMWare Vsphere Data Protection
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
network
low complexity
vmware CWE-255
critical
 9.8
9.8