Skip to content

Instantly share code, notes, and snippets.

@srau srau/CVE-2018-5761 Secret
Last active Jan 22, 2018

Embed
What would you like to do?
CVE-2018-5761
Description
A man-in-the-middle vulnerability related to vCenter access was found
in Rubrik CDM 3.x and 4.x versions before 4.0.4-p2. This vulnerability might expose
Rubrik user credentials configured to access vCenter as Rubrik
clusters did not verify TLS certificates presented by vCenter.
Additional Information
Rubrik recommends an upgrade to 4.0.4-p2 or later to address the
vulnerability. For upgrade instructions to mitigate the vulnerability,
please reference the available KB: https://support.rubrik.com/articles/How_To/000001135
Vulnerability Type
Missing SSL Certificate Validation
Vendor
Rubrik, Inc
Affected Product Code Base
Rubrik CDM - 3.x, 4.0.x. This is fixed in 4.0.4-p2.
Affected Component
Rubrik CDM 3.x, 4.0.x
Attack Type
Context-dependent
Reference
https://support.rubrik.com/articles/How_To/000001135
Discoverer
Rubrik recognizes the efforts of Thorsten Tuellmann in the security community
who worked with us to coordinate the vulnerability disclosure.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.