Vulnerability Description
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Vsphere Data Protection | 5.1 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html
- http://www.securitytracker.com/id/1031664
- http://www.vmware.com/security/advisories/VMSA-2015-0002.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100866
- http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html
- http://www.securitytracker.com/id/1031664
- http://www.vmware.com/security/advisories/VMSA-2015-0002.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100866
FAQ
What is CVE-2014-4632?
CVE-2014-4632 is a vulnerability with a CVSS score of 4.3 (MEDIUM). VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly veri...
How severe is CVE-2014-4632?
CVE-2014-4632 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4632?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Vsphere Data Protection.