Security Update:A Certificate Validation Vulnerability VMware vSphere Data Protection
Date and Time
VMware vSphere Data Protection Users
VMware released a security advisory to address a certificate validation vulnerability in VMware vSphere Data Protection product.
Advanced Users: For a complete description of the security enhancement and affected software refer to VMware Security Advisory VMSA-2015-0002 at http://www.vmware.com/security/advisories/VMSA-2015-0002.html.
- VMware vSphere Data Protection 5.8
- VMware vSphere Data Protection 5.5 prior to 5.5.9
- VMware vSphere Data Protection 5.1 all versions
WHAT'S THE PROBLEM?
Exploitation of this vulnerability may allow for a Man-in-the-Middle attack that enables the attacker to perform unauthorized backup and restore operations.
HOW DO I PROTECT MY COMPUTER?
If IT Field Services or you have other IT support, no action on your part is required.
If you do not have IT support, updates may be obtained through VMware Security Advisory VMSA-2015-0002 at http://www.vmware.com/security/advisories/VMSA-2015-0002.html.
IT Security at http://it.ucsf.edu/security