CVE-2018-5761

EUVD-2018-17530
A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
rubrikcdm
𝑥
≤ 3.0.0
rubrikcdm
4.0.0 ≤
𝑥
≤ 4.0.4
rubrikcdm
4.0.4:p1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/srau/0ed7747953b3571247a6c485f91619ff
https://support.rubrik.com/articles/How_To/000001135
https://gist.github.com/srau/0ed7747953b3571247a6c485f91619ff
https://support.rubrik.com/articles/How_To/000001135