Network Security, Patch/Configuration Management, Vulnerability Management

VMware repairs three critical bugs in vSphere Data Protection

VMware issued patches on Wednesday for a trio of critical vulnerabilities in its vSphere Data Protection disk-based backup and recovery solution. In all three cases, the problem was found in versions 6.1.x, 6.0.x, and 5.x, and repaired in versions 6.1.6 and 6.0.7.

The first corrected bug is an application authentication bypass vulnerability, designated CVE-2017-15548, that can be exploited by remote, unauthenticated attackers to gain root access to an affected system.

The second flaw, CVE-2017-15549, is an arbitrary file upload vulnerability, which remote, authenticated attackers with low privileges can exploit to introduce maliciously crafted files into any location on the server file system.

Finally, VMware also fixed CVE-2017-15550, a path traversal vulnerability that, according to the company's official security advisory, can allow a remote authenticated malicious user with low privileges to “access arbitrary files on the server file system in the context of the running vulnerable application.”

VMware is a subsidiary of Dell Technologies.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.