Information disclosure in vSphere Data Protection - CVE-2017-4917
Published: June 7, 2017
Vulnerability identifier: #VU6952
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4917
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
vSphere Data Protection
vSphere Data Protection
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information on a targeted system.
The weakness exists due to improper security restrictions imposed by the affected software. A local attacker can gain access to server credentials in plaintext format.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists due to improper security restrictions imposed by the affected software. A local attacker can gain access to server credentials in plaintext format.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-4917
Update to version 6.0.5, 6.1.4.