CVE-2017-4917

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.

Published: Jun 7, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-4917
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-327

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
vmware / vsphere_data_protection	5.8.2	5.8.2.x
vmware / vsphere_data_protection	5.5.10	5.5.10.x
vmware / vsphere_data_protection	6.1.0	6.1.0.x
vmware / vsphere_data_protection	6.0.3	6.0.3.x
vmware / vsphere_data_protection	6.0.1	6.0.1.x
vmware / vsphere_data_protection	6.1.3	6.1.3.x
vmware / vsphere_data_protection	5.5.7	5.5.7.x
vmware / vsphere_data_protection	5.8.4	5.8.4.x
vmware / vsphere_data_protection	5.5.11	5.5.11.x
vmware / vsphere_data_protection	5.8.1	5.8.1.x
vmware / vsphere_data_protection	6.1.1	6.1.1.x
vmware / vsphere_data_protection	5.8.3	5.8.3.x
vmware / vsphere_data_protection	5.5.6	5.5.6.x
vmware / vsphere_data_protection	5.5.9	5.5.9.x
vmware / vsphere_data_protection	6.0.0	6.0.0.x
vmware / vsphere_data_protection	6.0.4	6.0.4.x
vmware / vsphere_data_protection	6.1.2	6.1.2.x
vmware / vsphere_data_protection	5.5.5	5.5.5.x
vmware / vsphere_data_protection	5.5.8	5.5.8.x
vmware / vsphere_data_protection	6.0.2	6.0.2.x
vmware / vsphere_data_protection	5.8.0	5.8.0.x

Vulnerability Database

322,573

CVE-2017-4917

Deep Security Visibility Without the Complexity