Lucene search

[email protected]NVD:CVE-2018-11076

HistoryNov 26, 2018 - 8:29 p.m.

CVE-2018-11076

2018-11-2620:29:00

[email protected]

web.nvd.nist.gov

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

25.1%

JSON

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console’s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

Affected configurations

Nvd

Node

dellemc_avamarMatch7.2.0

dellemc_avamarMatch7.2.1

dellemc_avamarMatch7.3.0

dellemc_avamarMatch7.3.1

dellemc_avamarMatch7.4.0

dellemc_avamarMatch7.4.1

dellemc_integrated_data_protection_applianceMatch2.0

Node

vmwarevsphere_data_protectionMatch6.0.0

vmwarevsphere_data_protectionMatch6.0.1

vmwarevsphere_data_protectionMatch6.0.2

vmwarevsphere_data_protectionMatch6.0.3

vmwarevsphere_data_protectionMatch6.0.4

vmwarevsphere_data_protectionMatch6.0.5

vmwarevsphere_data_protectionMatch6.0.6

vmwarevsphere_data_protectionMatch6.0.7

vmwarevsphere_data_protectionMatch6.0.8

vmwarevsphere_data_protectionMatch6.1.0

vmwarevsphere_data_protectionMatch6.1.1

vmwarevsphere_data_protectionMatch6.1.2

vmwarevsphere_data_protectionMatch6.1.3

vmwarevsphere_data_protectionMatch6.1.4

vmwarevsphere_data_protectionMatch6.1.5

vmwarevsphere_data_protectionMatch6.1.6

vmwarevsphere_data_protectionMatch6.1.7

vmwarevsphere_data_protectionMatch6.1.8

vmwarevsphere_data_protectionMatch6.1.9

VendorProductVersionCPE
dellemc_avamar7.2.0cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*
dellemc_avamar7.2.1cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*
dellemc_avamar7.3.0cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*
dellemc_avamar7.3.1cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*
dellemc_avamar7.4.0cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*
dellemc_avamar7.4.1cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*
dellemc_integrated_data_protection_appliance2.0cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*
vmwarevsphere_data_protection6.0.0cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*
vmwarevsphere_data_protection6.0.1cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*
vmwarevsphere_data_protection6.0.2cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_avamar	7.2.0	cpe:2.3:a:dell:emc_avamar:7.2.0:::::::*
dell	emc_avamar	7.2.1	cpe:2.3:a:dell:emc_avamar:7.2.1:::::::*
dell	emc_avamar	7.3.0	cpe:2.3:a:dell:emc_avamar:7.3.0:::::::*
dell	emc_avamar	7.3.1	cpe:2.3:a:dell:emc_avamar:7.3.1:::::::*
dell	emc_avamar	7.4.0	cpe:2.3:a:dell:emc_avamar:7.4.0:::::::*
dell	emc_avamar	7.4.1	cpe:2.3:a:dell:emc_avamar:7.4.1:::::::*
dell	emc_integrated_data_protection_appliance	2.0	cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:::::::*
vmware	vsphere_data_protection	6.0.0	cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:::::::*
vmware	vsphere_data_protection	6.0.1	cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:::::::*
vmware	vsphere_data_protection	6.0.2	cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:::::::*

Rows per page:

1-10 of 261

References

www.securityfocus.com/bid/105972

www.securitytracker.com/id/1042153

seclists.org/fulldisclosure/2018/Nov/50

www.vmware.com/security/advisories/VMSA-2018-0029.html

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

25.1%

JSON

Related for NVD:CVE-2018-11076

cvelist1 prion1 cve1 vmware1 nessus1