MEDIUM🇬🇧 English

CVE-2018-11076

CVSS 6.5v3.0pub. 2018-11-26upd. 2024-11-21

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

oryginał EN
CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Dell Emc Avamar

    APP
    Dell
    7.2.07.2.17.3.07.3.17.4.07.4.1
  • Dell Emc Integrated Data Protection Appliance

    APP
    Dell
    2.0
  • VMware vSphere Data Protection

    APP
    Vmware
    6.0.06.0.16.0.26.0.36.0.46.0.56.0.66.0.76.0.86.1.06.1.16.1.26.1.36.1.46.1.5+ 4 więcej
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2020-29493CRITICAL10.0ten sam produkt

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. ...

CVE-2020-29495CRITICAL10.0ten sam produkt

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness An...

CVE-2018-11066CRITICAL9.8ten sam produkt

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7....

CVE-2018-1217CRITICAL9.8ten sam produkt

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Pr...

CVE-2017-4914CRITICAL9.8ten sam produkt

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploita...