Vulnerability Description
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Avamar | 7.2.0 |
| Dell | Emc Integrated Data Protection Appliance | 2.0 |
| Vmware | Vsphere Data Protection | 6.0.0 |
References
- http://www.securityfocus.com/bid/105972Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1042153Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2018/Nov/50Mailing ListThird Party Advisory
- https://www.vmware.com/security/advisories/VMSA-2018-0029.htmlPatchThird Party Advisory
- http://www.securityfocus.com/bid/105972Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1042153Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2018/Nov/50Mailing ListThird Party Advisory
- https://www.vmware.com/security/advisories/VMSA-2018-0029.htmlPatchThird Party Advisory
FAQ
What is CVE-2018-11076?
CVE-2018-11076 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar J...
How severe is CVE-2018-11076?
CVE-2018-11076 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11076?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Avamar, Dell Emc Integrated Data Protection Appliance, Vmware Vsphere Data Protection.