Vigil@nce - VMware vSphere Data Protection: information disclosure via Java
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the Java API of Vmware vSphere Data
Protection, in order to obtain sensitive information.
– Impacted products: VMware vSphere
– Severity: 2/4
– Creation date: 23/10/2014
DESCRIPTION OF THE VULNERABILITY
The VMware vSphere Data Protection product offers an API for Java
applications.
However, an attacker can use this API to retrieve credentials, for
instance, those for accounts MCUser and GSAN. Technical details
are unknown.
An attacker can therefore use the Java API of Vmware vSphere Data
Protection, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN