CVE-2018-11076

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

Published: Nov 26, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-11076
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.3
AV:A/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
dell / emc_integrated_data_protection_appliance	2.0	2.0.x
dell / emc_avamar	7.3.1	7.3.1.x
dell / emc_avamar	7.4.1	7.4.1.x
dell / emc_avamar	7.4.0	7.4.0.x
dell / emc_avamar	7.3.0	7.3.0.x
dell / emc_avamar	7.2.0	7.2.0.x
dell / emc_avamar	7.2.1	7.2.1.x
vmware / vsphere_data_protection	6.1.0	6.1.0.x
vmware / vsphere_data_protection	6.0.3	6.0.3.x
vmware / vsphere_data_protection	6.0.1	6.0.1.x
vmware / vsphere_data_protection	6.1.3	6.1.3.x
vmware / vsphere_data_protection	6.1.1	6.1.1.x
vmware / vsphere_data_protection	6.0.0	6.0.0.x
vmware / vsphere_data_protection	6.0.4	6.0.4.x
vmware / vsphere_data_protection	6.1.2	6.1.2.x
vmware / vsphere_data_protection	6.0.2	6.0.2.x
vmware / vsphere_data_protection	6.0.5	6.0.5.x
vmware / vsphere_data_protection	6.0.6	6.0.6.x
vmware / vsphere_data_protection	6.0.7	6.0.7.x
vmware / vsphere_data_protection	6.0.8	6.0.8.x
vmware / vsphere_data_protection	6.1.4	6.1.4.x
vmware / vsphere_data_protection	6.1.5	6.1.5.x
vmware / vsphere_data_protection	6.1.6	6.1.6.x
vmware / vsphere_data_protection	6.1.7	6.1.7.x
vmware / vsphere_data_protection	6.1.8	6.1.8.x
vmware / vsphere_data_protection	6.1.9	6.1.9.x

Vulnerability Database

322,573

CVE-2018-11076

Deep Security Visibility Without the Complexity