Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vmwareVMwareVMSA-2014-0011
HistoryOct 22, 2014 - 12:00 a.m.

VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability.

2014-10-2200:00:00
www.vmware.com
60

EPSS

0.006

Percentile

79.3%

JSON

a. VMware vSphere Data Protection (VDP) contains a vulnerability that may allow a remote user to retrieve sensitive account credentials from the affected VDP server using Java API calls. No authentication to the VDP server is required for this potential attack. Exposed information includes MCUser and GSAN account passwords of all grid systems that are being monitored in VPD Enterprise Manager.

VMware would like to thank Jakub Mleczko from the Orange Poland security team for reporting this issue to EMC and the EMC Product Security Response Center for working with us on the issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-4624 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Related

cvelist 1
nvd 1
securityvulns 2
cve 1
prion 1
cvelist
cvelist
CVE-2014-4624
2014-10-25 10:00:00
nvd
nvd
CVE-2014-4624
2014-10-25 10:55:06
securityvulns
securityvulns
ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability
2014-10-27 00:00:00
EMC Avamar security vulnerabilities
2014-10-27 00:00:00
cve
cve
CVE-2014-4624
2014-10-25 10:55:06
prion
prion
Authentication flaw
2014-10-25 10:55:00

EPSS

0.006

Percentile

79.3%

JSON
Related for VMSA-2014-0011
cvelist1nvd1securityvulns2cve1prion1