MEDIUM🇵🇱 Wersja polska

CVE-2018-11076

CVSS 6.5v3.0pub. 2018-11-26upd. 2024-11-21

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Dell Emc Avamar

    APP
    Dell
    7.2.07.2.17.3.07.3.17.4.07.4.1
  • Dell Emc Integrated Data Protection Appliance

    APP
    Dell
    2.0
  • VMware vSphere Data Protection

    APP
    Vmware
    6.0.06.0.16.0.26.0.36.0.46.0.56.0.66.0.76.0.86.1.06.1.16.1.26.1.36.1.46.1.5+ 4 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2020-29493CRITICAL10.0ten sam produkt

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. ...

CVE-2020-29495CRITICAL10.0ten sam produkt

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness An...

CVE-2018-11066CRITICAL9.8ten sam produkt

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7....

CVE-2018-1217CRITICAL9.8ten sam produkt

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Pr...

CVE-2017-4914CRITICAL9.8ten sam produkt

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploita...