Description
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
References (4)
Core References (4)
Mailing List, Third Party Advisory (mailing-list, x_refsource_fulldisc): https://seclists.org/fulldisclosure/2018/Nov/50
Patch, Third Party Advisory (x_refsource_confirm): https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/105972
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1042153
Scores
CVSS v3: 6.5
EPSS: 0.0039
EPSS Percentile: 59.9%
Attack Vector: ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status: published
Products (26):
dell/emc_avamar 7.2.0
dell/emc_avamar 7.2.1
dell/emc_avamar 7.3.0
dell/emc_avamar 7.3.1
dell/emc_avamar 7.4.0
dell/emc_avamar 7.4.1
dell/emc_integrated_data_protection_appliance 2.0
vmware/vsphere_data_protection 6.0.0
vmware/vsphere_data_protection 6.0.1
vmware/vsphere_data_protection 6.0.2
... and 16 more
Published: Nov 26, 2018
Tracked Since: Feb 18, 2026