VMware Security Advisory 2014-0011 - VMware vSphere Data Protection product updates address a vulnerability that could lead to sensitive information disclosure.
215b15436296cd13af4a6c3a5c8a74092a6188a68cb68f18826067f34921f731
EMC Avamar server contains a vulnerability that may allow remote Avamar client user to retrieve sensitive account credentials from affected Avamar server using Java API calls. No authentication to Avamar server is required for this potential attack. Exposed information includes MCUser and GSAN account passwords of all grid systems that are being monitored in EMC Avamar Enterprise Manager. EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x up to and including 7.0.2-43 are affected.
24d8d814ea8b6331d98ee101748e0eb8f4305b743a3d2fab02a2af437b2537cb