CVE-2014-4632

CVE Database · CVE-2014-4632

CVE-2014-4632

· N/AModified

CVSS v3.1

N/A

EPSS

0.62%

Published

Feb 1, 2015

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

Weaknesses (CWE)

CWE-310

Affected Products (6)

vmware · vsphere_data_protectionvulnerable

References (8)

http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html

http://www.securitytracker.com/id/1031664

http://www.vmware.com/security/advisories/VMSA-2015-0002.html

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/100866

http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html

http://www.securitytracker.com/id/1031664

http://www.vmware.com/security/advisories/VMSA-2015-0002.html

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/100866

KEV Catalog EPSS Scores Vendors All CVEs