Описание
A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.0 (включая) до 6.1.1c (исключая)
cpe:2.3:a:cohesity:dataplatform:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.0014
Низкий
8.1 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter.
EPSS
Процентиль: 34%
0.0014
Низкий
8.1 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295