TTCSIRT-077.010418: TT-CSIRT Advisory – VMware Security Updates
VMware has released a security update stating that vSphere Data Protection (VDP) contains the following vulnerabilities:
a) VDP authentication bypass – a remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
b) VDP arbitrary file upload – A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
|Further information on these vulnerabilities and how they can be fixed can be found on the VMWare Website at https://www.vmware.com/security/advisories/VMSA-2018-0001.html|