CVE-2017-4917

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
vmwarevsphere_data_protection
5.5.5
vmwarevsphere_data_protection
5.5.6
vmwarevsphere_data_protection
5.5.7
vmwarevsphere_data_protection
5.5.8
vmwarevsphere_data_protection
5.5.9
vmwarevsphere_data_protection
5.5.10
vmwarevsphere_data_protection
5.5.11
vmwarevsphere_data_protection
5.8.0
vmwarevsphere_data_protection
5.8.1
vmwarevsphere_data_protection
5.8.2
vmwarevsphere_data_protection
5.8.3
vmwarevsphere_data_protection
5.8.4
vmwarevsphere_data_protection
6.0.0
vmwarevsphere_data_protection
6.0.1
vmwarevsphere_data_protection
6.0.2
vmwarevsphere_data_protection
6.0.3
vmwarevsphere_data_protection
6.0.4
vmwarevsphere_data_protection
6.1.0
vmwarevsphere_data_protection
6.1.1
vmwarevsphere_data_protection
6.1.2
vmwarevsphere_data_protection
6.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98936
http://www.securitytracker.com/id/1038617
http://www.vmware.com/security/advisories/VMSA-2017-0010.html
http://www.securityfocus.com/bid/98936
http://www.securitytracker.com/id/1038617
http://www.vmware.com/security/advisories/VMSA-2017-0010.html