CVE-2014-4632

Currently unrated

Key Information:

Vendor: Vmware
Status: Vsphere Data Protection
Vendor: CVE Published:; 1 February 2015

Summary

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

References

http://www.vmware.com/security/advisories/VMSA-2015-0002....

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/bugtraq/2015-01/01...

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/100866

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 1, 2015
Vulnerability Reserved
Jun 24, 2014