CVE-2014-4632

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:vsphere_data_protection:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vsphere_data_protection:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vsphere_data_protection:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vsphere_data_protection:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vsphere_data_protection:5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vsphere_data_protection:5.8.0:*:*:*:*:*:*:*

Information

Published : 2015-01-31 18:59

Updated : 2017-08-28 18:35


NVD link : CVE-2014-4632

Mitre link : CVE-2014-4632


JSON object : View

CWE
CWE-310

Cryptographic Issues

Advertisement

dedicated server usa

Products Affected

vmware

  • vsphere_data_protection