Both EMC and VMware are affected by security issues that could allow unauthorized access to attackers.
An information disclosure vulnerability in the EMC Data Domain OS could potentially be exploited by malicious users to compromise the affected system.
EMC Data Domain OS is the operating system running on disk backup units, the flaw could allow ill-intentioned users to log the system assuming the identity of one of the allowed users and access his data.
“Data Domain logs the session identifier of a user logged in via the GUI in a file that is accessible to all users. A malicious user could use the disclosed
session identifier to take over the account of the victim, a GUI user whose session identifier was disclosed.” reported the notification published by EMC.
EMC issued a security update for the EMC Data Domain OS 5.5, 5.6 and 5.7.
Are you using VMware NSX and vCNS products? You must read this, according to the VMSA-2016-0007 advisory, the VMware NSX and vCNS product updates address a critical information disclosure vulnerability in the VMware software.
An attacker can exploit the vulnerability to gain access to sensitive data as explained by the company in the advisory.
“VMware NSX and vCNS with SSL-VPN enabled contain a critical input validation vulnerability. This issue may allow a remote attacker to gain access to sensitive information. ” states the advisory.
VMware released security patches for both NSX Edge 6.1 and 6.2 and vCNS Edge 5.5. Unfortunately, VMware admins have to consider also another security issue, an important stored cross-site scripting issue in VMware vRealize Log Insight (VMSA-2016-0008)
Hackers can exploit the flaw to hijack an authenticated user’s session, the security advisory urges administrators using Versions 2.x and 3.x to apply the available patches.
(Security Affairs – VMware, EMC Data Domain)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.