9.8

CVE-2017-4914

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareVsphere Data Protection Version5.5.1
VMwareVsphere Data Protection Version5.5.5
VMwareVsphere Data Protection Version5.5.6
VMwareVsphere Data Protection Version5.5.7
VMwareVsphere Data Protection Version5.5.8
VMwareVsphere Data Protection Version5.5.9
VMwareVsphere Data Protection Version5.5.10
VMwareVsphere Data Protection Version5.5.11
VMwareVsphere Data Protection Version5.8.0
VMwareVsphere Data Protection Version5.8.1
VMwareVsphere Data Protection Version5.8.2
VMwareVsphere Data Protection Version5.8.3
VMwareVsphere Data Protection Version5.8.4
VMwareVsphere Data Protection Version6.0.0
VMwareVsphere Data Protection Version6.0.1
VMwareVsphere Data Protection Version6.0.2
VMwareVsphere Data Protection Version6.0.3
VMwareVsphere Data Protection Version6.0.4
VMwareVsphere Data Protection Version6.1.0
VMwareVsphere Data Protection Version6.1.1
VMwareVsphere Data Protection Version6.1.2
VMwareVsphere Data Protection Version6.1.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.34% 0.939
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://www.securityfocus.com/bid/98939
Third Party Advisory
VDB Entry