CVE-2017-4917

Опубликовано: 07 июн. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.

Ссылки

http://www.securityfocus.com/bid/98936
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038617
http://www.vmware.com/security/advisories/VMSA-2017-0010.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98936
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038617
http://www.vmware.com/security/advisories/VMSA-2017-0010.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:vsphere_data_protection:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.8.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.8.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.8.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.8.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.8.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00081

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-mrgm-rp63-hxmr