PT-2015-3763 · VMware · VMware vSphere Data Protection

Published: 2015-02-01 · Updated: 2017-08-29

CVE-2014-4632

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

VMware vSphere Data Protection (VDP) versions 5.1, 5.5 through 5.5.8, 5.8 through 5.8.0
EMC Avamar Data Store (ADS) versions 6.x
EMC Avamar Virtual Edition (AVE) versions 6.x, 7.0.x

Description

The issue allows man-in-the-middle attackers to spoof servers and bypass intended backup and restore access restrictions via a crafted X.509 certificate, due to improper verification of these certificates from vCenter Server SSL servers.

Recommendations

For VMware vSphere Data Protection (VDP) versions 5.1, update to version 5.5.9 or later.
For VMware vSphere Data Protection (VDP) versions 5.5 through 5.5.8, update to version 5.5.9 or later.
For VMware vSphere Data Protection (VDP) versions 5.8 through 5.8.0, update to version 5.8.1 or later.
For EMC Avamar Data Store (ADS) versions 6.x, update to a version that properly verifies X.509 certificates.
For EMC Avamar Virtual Edition (AVE) versions 6.x, 7.0.x, update to a version that properly verifies X.509 certificates.

Related Identifiers

CVE-2014-4632

Affected Products

EMC Avamar Data Store
Avamar Virtual Edition
VMware vSphere Data Protection
vCenter Server