cbcvebase.

Emc Avamar Server vulnerabilities

13 known vulnerabilities affecting emc/avamar_server.

Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH5MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2017-15548P2CRITICALCVSS 9.8v7.1-21v7.1-145+12 more2018-01-05
CVE-2017-15548 [CRITICAL] CWE-287 CVE-2017-15548: An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtua An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
nvd
CVE-2017-15550P3HIGHCVSS 8.8v7.1-21v7.1-145+12 more2018-01-05
CVE-2017-15550 [HIGH] CWE-22 CVE-2017-15550: An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtua An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application v
nvd
CVE-2017-4989P3CRITICALCVSS 9.8v7.2.0-401v7.2.1-31+4 more2017-06-21
CVE-2017-4989 [CRITICAL] CWE-287 CVE-2017-4989: In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an una In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows.
nvd
CVE-2017-4990P3CRITICALCVSS 9.8v7.3.0-226v7.3.0-233+3 more2017-06-21
CVE-2017-4990 [CRITICAL] CWE-434 CVE-2017-4990: In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.
nvd
CVE-2017-15549P3HIGHCVSS 8.8v7.1-21v7.1-145+12 more2018-01-05
CVE-2017-15549 [HIGH] CWE-434 CVE-2017-15549: An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtua An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
nvd
CVE-2016-0903P3CRITICALCVSS 9.1≤ 7.3.02016-09-21
CVE-2016-0903 [CRITICAL] CWE-200 CVE-2016-0903: Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.
nvd
CVE-2013-3274P3CRITICALCVSS 9.0≤ 6.1v4.0+3 more2013-07-19
CVE-2013-3274 [CRITICAL] CWE-264 CVE-2013-3274: EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platform EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
nvd
CVE-2016-0904P3HIGHCVSS 8.6≤ 7.3.02016-09-21
CVE-2016-0904 [HIGH] CWE-200 CVE-2016-0904: Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use t Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installat
nvd
CVE-2015-4527P3HIGHCVSS 7.8v7.12015-07-23
CVE-2015-4527 [HIGH] CWE-200 CVE-2015-4527: Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.
nvd
CVE-2016-0920P3HIGHCVSS 7.8≤ 7.3.02016-09-21
CVE-2016-0920 [HIGH] CWE-77 CVE-2016-0920: Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.
nvd
CVE-2016-0905P4MEDIUMCVSS 6.7≤ 7.3.02016-09-21
CVE-2016-0905 [MEDIUM] CWE-264 CVE-2016-0905: Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.
nvd
CVE-2016-0921P4MEDIUMCVSS 6.5≤ 7.3.02016-09-21
CVE-2016-0921 [MEDIUM] CWE-264 CVE-2016-0921: Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use w Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.
nvd
CVE-2013-3275P4MEDIUMCVSS 4.3≤ 6.1v4.0+3 more2013-07-19
CVE-2013-3275 [MEDIUM] CWE-20 CVE-2013-3275: EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platform EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."
nvd
Emc Avamar Server vulnerabilities | cvebase