CVE-2017-4917

CWE-327 — Broken Cryptographic Algorithm3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 76.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vsphere Data Protection (vdp)Vmware Vsphere Data Protection

Timeline

PublishedJun 7

Latest updateMay 13

Description

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDvmware/vsphere_data_protection21 versions+20

▶CVEListV5vmware/vsphere_data_protection_(vdp)4 versions+3

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-mrgm-rp63-hxmr: VMware vSphere Data Protection (VDP) 6↗2022-05-13

▶

CVEList

CVE-2017-4917: VMware vSphere Data Protection (VDP) 6↗2017-06-07

▶