it.ucsf.edu

Security Update:A Certificate Validation Vulnerability VMware vSphere Data Protection

Status Type

Security Update

Date and Time

Thursday, January 29, 2015 - 16:07

Reason

Security Update

Impact

VMware vSphere Data Protection Users

WHAT HAPPENED?

VMware released a security advisory to address a certificate validation vulnerability in VMware vSphere Data Protection product.

Advanced Users: For a complete description of the security enhancement and affected software refer to VMware Security Advisory VMSA-2015-0002 at http://www.vmware.com/security/advisories/VMSA-2015-0002.html.
 


AFFECTED SYSTEMS:

  • VMware vSphere Data Protection 5.8
  • VMware vSphere Data Protection 5.5 prior to 5.5.9
  • VMware vSphere Data Protection 5.1 all versions

 

 

WHAT'S THE PROBLEM?

Exploitation of this vulnerability may allow for a Man-in-the-Middle attack that enables the attacker to perform unauthorized backup and restore operations.
 


HOW DO I PROTECT MY COMPUTER?

If IT Field Services or you have other IT support, no action on your part is required.
If you do not have IT support, updates may be obtained through VMware Security Advisory VMSA-2015-0002 at http://www.vmware.com/security/advisories/VMSA-2015-0002.html.

 


RELATED LINKS

IT Security at http://it.ucsf.edu/security