VMSA-2018-0001

This is a critical security advisory from VMware (VMSA).

New VMware Security Advisory VMSA-2018-0001

On January 2nd 2018, VMware released the following new security advisory:

VMSA-2018-0001 – vSphere Data Protection (VDP) updates address multiple security issues.

The advisory documents several critical-severity issues affecting VDP.

Issue (a) is an authentication bypass vulnerability (CVE-2017-15548). A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.

Issue (b) is an arbitrary file upload vulnerability (CVE-2017-15549). A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.

Issue (c) is a path traversal vulnerability (CVE-2017-15550). A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application.

These issues have been addressed in VDP 6.1.6 and 6.0.7.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

The post VMSA-2018-0001 appeared first on VMware Security & Compliance Blog.
