Man-in-the-Middle Vulnerability in VMware vSphere Data Protection and EMC Avamar
CVE-2014-4632
Currently unrated
Summary
VMware vSphere Data Protection and EMC Avamar products suffer from an improper verification process for X.509 certificates in SSL connections with vCenter Server. This flaw enables attackers to execute man-in-the-middle attacks, potentially allowing unauthorized access to backup and restore functionalities by presenting a malicious certificate. Organizations utilizing affected versions are urged to implement the recommended updates or mitigations to secure their data against these risks.
References
Timeline
Vulnerability published
Vulnerability Reserved