CVE-2016-7456

CWE-2555 documents5 sources

Severity

9.8CRITICAL

EPSS

82.1%

top 0.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vsphere Data Protection

Timeline

PublishedDec 29

Latest updateMay 17

Description

VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDvmware/vsphere_data_protection22 versions+21

🔴Vulnerability Details

GHSA

GHSA-x872-hfmg-7gqf: VMware vSphere Data Protection (VDP) 5↗2022-05-17

▶

CVEList

CVE-2016-7456: VMware vSphere Data Protection (VDP) 5↗2016-12-29

▶

OSV

libgd2 vulnerabilities↗2016-07-11

▶

💬Community

Bugzilla

CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc↗2016-05-27

▶