TTCSIRT-077.010418: TT-CSIRT Advisory – VMware Security Updates

TTCSIRT-077.010418: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that vSphere Data Protection (VDP) contains the following vulnerabilities:

a) VDP authentication bypass – a remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.

b) VDP arbitrary file upload – A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.

Further information on these vulnerabilities and how they can be fixed can be found on the VMWare Website at https://www.vmware.com/security/advisories/VMSA-2018-0001.html