9.8
CVE-2017-4914
- EPSS 13.34%
- Published 07.06.2017 17:29:00
- Last modified 20.04.2025 01:37:25
- Source security@vmware.com
- Teams watchlist Login
- Open Login
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Vsphere Data Protection Version5.5.1
VMware ≫ Vsphere Data Protection Version5.5.5
VMware ≫ Vsphere Data Protection Version5.5.6
VMware ≫ Vsphere Data Protection Version5.5.7
VMware ≫ Vsphere Data Protection Version5.5.8
VMware ≫ Vsphere Data Protection Version5.5.9
VMware ≫ Vsphere Data Protection Version5.5.10
VMware ≫ Vsphere Data Protection Version5.5.11
VMware ≫ Vsphere Data Protection Version5.8.0
VMware ≫ Vsphere Data Protection Version5.8.1
VMware ≫ Vsphere Data Protection Version5.8.2
VMware ≫ Vsphere Data Protection Version5.8.3
VMware ≫ Vsphere Data Protection Version5.8.4
VMware ≫ Vsphere Data Protection Version6.0.0
VMware ≫ Vsphere Data Protection Version6.0.1
VMware ≫ Vsphere Data Protection Version6.0.2
VMware ≫ Vsphere Data Protection Version6.0.3
VMware ≫ Vsphere Data Protection Version6.0.4
VMware ≫ Vsphere Data Protection Version6.1.0
VMware ≫ Vsphere Data Protection Version6.1.1
VMware ≫ Vsphere Data Protection Version6.1.2
VMware ≫ Vsphere Data Protection Version6.1.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.34% | 0.939 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.