CVE-2017-4914

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.

Published: Jun 7, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-4914
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
vmware / vsphere_data_protection	5.8.2	5.8.2.x
vmware / vsphere_data_protection	5.5.10	5.5.10.x
vmware / vsphere_data_protection	6.1.0	6.1.0.x
vmware / vsphere_data_protection	6.0.3	6.0.3.x
vmware / vsphere_data_protection	6.0.1	6.0.1.x
vmware / vsphere_data_protection	6.1.3	6.1.3.x
vmware / vsphere_data_protection	5.5.7	5.5.7.x
vmware / vsphere_data_protection	5.8.4	5.8.4.x
vmware / vsphere_data_protection	5.5.11	5.5.11.x
vmware / vsphere_data_protection	5.8.1	5.8.1.x
vmware / vsphere_data_protection	6.1.1	6.1.1.x
vmware / vsphere_data_protection	5.8.3	5.8.3.x
vmware / vsphere_data_protection	5.5.6	5.5.6.x
vmware / vsphere_data_protection	5.5.9	5.5.9.x
vmware / vsphere_data_protection	6.0.0	6.0.0.x
vmware / vsphere_data_protection	6.0.4	6.0.4.x
vmware / vsphere_data_protection	6.1.2	6.1.2.x
vmware / vsphere_data_protection	5.5.5	5.5.5.x
vmware / vsphere_data_protection	5.5.1	5.5.1.x
vmware / vsphere_data_protection	5.5.8	5.5.8.x
vmware / vsphere_data_protection	6.0.2	6.0.2.x
vmware / vsphere_data_protection	5.8.0	5.8.0.x

Vulnerability Database

322,573

CVE-2017-4914

Deep Security Visibility Without the Complexity