Описание
A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter.
Ссылки
- Third Party Advisory
- Permissions Required
- Third Party Advisory
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.0 (включая)Версия от 4.0.0 (включая) до 4.0.4 (включая)
Одно из
cpe:2.3:a:rubrik:cdm:*:*:*:*:*:*:*:*
cpe:2.3:a:rubrik:cdm:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:rubrik:cdm:4.0.4:p1:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00132
Низкий
8.1 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter.
EPSS
Процентиль: 33%
0.00132
Низкий
8.1 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295