it.ucsf.edu

Security Update:Critical Information Disclosure Vulnerability in VMware vSphere Data Protection (VDP)

Status Type

Security Update

Date and Time

Thursday, October 23, 2014 - 11:12

Reason

Security Update

Impact

VMware vSphere Data Protection Users

WHAT HAPPENED?

VMware released a new security advisory VMSA-2014-0011 to address a critical information disclosure vulnerability in VMware vSphere Data Protection (VDP).

Advanced Users: For a complete description of the security enhancement and affected software refer to VMware Security Advisory VMSA-2014-011 at http://www.vmware.com/security/advisories/VMSA-2014-0011.html.


AFFECTED SYSTEMS:

  • VMware vSphere Data Protection 5.5 prior to 5.5.7



WHAT'S THE PROBLEM?

If exploited, this vulnerability may allow a remote user to retrieve sensitive account credentials from the affected VDP server.


HOW DO I PROTECT MY COMPUTER?

  1. If IT Field Services or you have other IT support, no action on your part is required.
  2. If you do not have IT support, updates may be obtained through VMware Security Advisory VMSA-2014-011 at http://www.vmware.com/security/advisories/VMSA-2014-0011.html.



RELATED LINKS