CVE-2013-4677

CWE-2643 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 83.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Backup Exec
Timeline
PublishedAug 5
Latest updateMay 17

Description

Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.1 | Impact: 6.4

Affected Packages1 packages

NVDsymantec/backup_exec2010, 2010_r3, 2012+2

🔴Vulnerability Details

2
GHSA
GHSA-rgr3-h79f-87m5: Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files,2022-05-17
CVEList
CVE-2013-4677: Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files,2013-08-04
CVE-2013-4677 (MEDIUM CVSS 4.3) | Symantec Backup Exec 2010 R3 before | cvebase.io