Man-in-the-Middle Vulnerability in VMware vSphere Data Protection and EMC Avamar
CVE-2014-4632

Currently unrated

Key Information:

Vendor
Vmware
Vendor
CVE Published:
1 February 2015

Summary

VMware vSphere Data Protection and EMC Avamar products suffer from an improper verification process for X.509 certificates in SSL connections with vCenter Server. This flaw enables attackers to execute man-in-the-middle attacks, potentially allowing unauthorized access to backup and restore functionalities by presenting a malicious certificate. Organizations utilizing affected versions are urged to implement the recommended updates or mitigations to secure their data against these risks.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.