CVE-2018-11076

CVE Database · CVE-2018-11076

CVE-2018-11076

· N/AModified

CVSS v3.1

N/A

EPSS

0.83%

Published

Nov 26, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

Affected Products (26)

dell · emc_avamarvulnerable

dell · emc_integrated_data_protection_appliancevulnerable

vmware · vsphere_data_protectionvulnerable

References (8)

http://www.securityfocus.com/bid/105972

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1042153

Third Party AdvisoryVDB Entry

https://seclists.org/fulldisclosure/2018/Nov/50

Mailing ListThird Party Advisory

https://www.vmware.com/security/advisories/VMSA-2018-0029.html

PatchThird Party Advisory

http://www.securityfocus.com/bid/105972

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1042153

KEV Catalog EPSS Scores Vendors All CVEs