Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-11076

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

Published

2018-11-26T20:29:00.357

Last Modified

2024-11-21T03:42:37.883

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.5

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dell	emc_avamar	7.2.0	Yes
Application	dell	emc_avamar	7.2.1	Yes
Application	dell	emc_avamar	7.3.0	Yes
Application	dell	emc_avamar	7.3.1	Yes
Application	dell	emc_avamar	7.4.0	Yes
Application	dell	emc_avamar	7.4.1	Yes
Application	dell	emc_integrated_data_protection_appliance	2.0	Yes
Application	vmware	vsphere_data_protection	6.0.0	Yes
Application	vmware	vsphere_data_protection	6.0.1	Yes
Application	vmware	vsphere_data_protection	6.0.2	Yes
Application	vmware	vsphere_data_protection	6.0.3	Yes
Application	vmware	vsphere_data_protection	6.0.4	Yes
Application	vmware	vsphere_data_protection	6.0.5	Yes
Application	vmware	vsphere_data_protection	6.0.6	Yes
Application	vmware	vsphere_data_protection	6.0.7	Yes
Application	vmware	vsphere_data_protection	6.0.8	Yes
Application	vmware	vsphere_data_protection	6.1.0	Yes
Application	vmware	vsphere_data_protection	6.1.1	Yes
Application	vmware	vsphere_data_protection	6.1.2	Yes
Application	vmware	vsphere_data_protection	6.1.3	Yes
Application	vmware	vsphere_data_protection	6.1.4	Yes
Application	vmware	vsphere_data_protection	6.1.5	Yes
Application	vmware	vsphere_data_protection	6.1.6	Yes
Application	vmware	vsphere_data_protection	6.1.7	Yes
Application	vmware	vsphere_data_protection	6.1.8	Yes
Application	vmware	vsphere_data_protection	6.1.9	Yes

References

http://www.securityfocus.com/bid/105972 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1042153 Third Party Advisory, VDB Entry ([email protected])
https://seclists.org/fulldisclosure/2018/Nov/50 Mailing List, Third Party Advisory ([email protected])
https://www.vmware.com/security/advisories/VMSA-2018-0029.html Patch, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/105972 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1042153 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/fulldisclosure/2018/Nov/50 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.vmware.com/security/advisories/VMSA-2018-0029.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)