VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vsphere_data_protection | Vmware | 5.5.1 (including) | 5.5.1 (including) |
Vsphere_data_protection | Vmware | 5.5.5 (including) | 5.5.5 (including) |
Vsphere_data_protection | Vmware | 5.5.6 (including) | 5.5.6 (including) |
Vsphere_data_protection | Vmware | 5.5.7 (including) | 5.5.7 (including) |
Vsphere_data_protection | Vmware | 5.5.8 (including) | 5.5.8 (including) |
Vsphere_data_protection | Vmware | 5.5.9 (including) | 5.5.9 (including) |
Vsphere_data_protection | Vmware | 5.5.10 (including) | 5.5.10 (including) |
Vsphere_data_protection | Vmware | 5.5.11 (including) | 5.5.11 (including) |
Vsphere_data_protection | Vmware | 5.8.0 (including) | 5.8.0 (including) |
Vsphere_data_protection | Vmware | 5.8.1 (including) | 5.8.1 (including) |
Vsphere_data_protection | Vmware | 5.8.2 (including) | 5.8.2 (including) |
Vsphere_data_protection | Vmware | 5.8.3 (including) | 5.8.3 (including) |
Vsphere_data_protection | Vmware | 5.8.4 (including) | 5.8.4 (including) |
Vsphere_data_protection | Vmware | 6.0.0 (including) | 6.0.0 (including) |
Vsphere_data_protection | Vmware | 6.0.1 (including) | 6.0.1 (including) |
Vsphere_data_protection | Vmware | 6.0.2 (including) | 6.0.2 (including) |
Vsphere_data_protection | Vmware | 6.0.3 (including) | 6.0.3 (including) |
Vsphere_data_protection | Vmware | 6.0.4 (including) | 6.0.4 (including) |
Vsphere_data_protection | Vmware | 6.1.0 (including) | 6.1.0 (including) |
Vsphere_data_protection | Vmware | 6.1.1 (including) | 6.1.1 (including) |
Vsphere_data_protection | Vmware | 6.1.2 (including) | 6.1.2 (including) |
Vsphere_data_protection | Vmware | 6.1.3 (including) | 6.1.3 (including) |