CVE-2019-11242

HIGH

Cohesity DataPlatform 5.x-6.x < 6.1.1c - Man-in-the-Middle via vCenter TLS Certificate Validation Bypass

Title source: llm
STIX 2.1

Description

A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter.

References (1)

Core 1

Scores

CVSS v3 8.1
EPSS 0.0053
EPSS Percentile 40.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-295
Status published
Products (1)
cohesity/dataplatform 5.0 - 6.1.1c
Published Jul 12, 2019
Tracked Since Feb 18, 2026