I know you are all busy patching Meltdown and Spectre, but let’s not forget about a security advisory that VMware released so early this year, on 2nd January 2018: VMSA-2018-0001 – vSphere Data Protection (VDP) updates address multiple security issues.
This advisory documents the remediation of three important issues: a VDP authentication bypass vulnerability, VDP arbitrary file upload vulnerability, and a VDP path traversal vulnerability.
Same day, VMware released a new vSphere Data Protection version, 6.1.6, which among other goodies fixes all the vulnerabilities from the current advisory.
Recent Comments