PT-2018-17132 · Vmware+1 · Vcenter+1
Thorsten Tuellmann
·
Published
2018-01-22
·
Updated
2018-02-15
·
CVE-2018-5761
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Rubrik CDM versions 3.x and 4.x before 4.0.4-p2
Description:
A man-in-the-middle vulnerability related to vCenter access was found. This issue might expose Rubrik user credentials configured to access vCenter because Rubrik clusters did not verify TLS certificates presented by vCenter.
Recommendations:
For Rubrik CDM versions 3.x and 4.x before 4.0.4-p2, update to version 4.0.4-p2 or later to resolve the issue. As a temporary workaround, consider restricting access to vCenter until the update is applied.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rubrik Cdm
Vcenter