Vulnerability in Vmware Vsphere_data_protection

CVE-2014-4632

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Serv…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.001 (34.4th percentile) — read the EPSS interpretation.

Affected products

Vmware Vsphere_data_protection — versions 5.1, 5.5.1, 5.5.6
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

security_alert@emc.com (x_refsource_CONFIRM, Vendor Advisory)
20150130 ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability (mailing-list, x_refsource_BUGTRAQ)
emc-vmware-cve20144632-sec-bypass(100866) (vdb-entry, x_refsource_XF)
1031664 (vdb-entry, x_refsource_SECTRACK)