CVE-2019-11242

Published: Jul 12, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter.

Affected (1)

Products: Cohesity: Dataplatform

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cohesity Dataplatform	From 5.0 to 6.1.1c

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://github.com/cohesity/SecAdvisory/blob/master/README.md

Source: cve@mitre.org

Third Party Advisory

https://github.com/cohesity/SecAdvisory/blob/master/README.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.