Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): avamar
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-4990 |
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. Published: June 21, 2017; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-4989 |
In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows. Published: June 21, 2017; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-8214 |
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. Published: January 25, 2017; 6:59:00 AM -0500 |
V4.0:(not available) V3.0: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2016-0909 |
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. Published: November 15, 2016; 2:30:00 PM -0500 |
V4.0:(not available) V3.0: 8.4 HIGH V2.0: 7.2 HIGH |
CVE-2016-0921 |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program. Published: September 20, 2016; 10:59:07 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 6.9 MEDIUM |
CVE-2016-0920 |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. Published: September 20, 2016; 10:59:06 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-0905 |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. Published: September 20, 2016; 10:59:04 PM -0400 |
V4.0:(not available) V3.0: 6.7 MEDIUM V2.0: 7.2 HIGH |
CVE-2016-0904 |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. Published: September 20, 2016; 10:59:03 PM -0400 |
V4.0:(not available) V3.0: 8.6 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-0903 |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. Published: September 20, 2016; 10:59:01 PM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2016-0906 |
The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation. Published: July 06, 2016; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2015-4527 |
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters. Published: July 23, 2015; 10:59:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-4632 |
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate. Published: January 31, 2015; 9:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4624 |
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call. Published: October 25, 2014; 6:55:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-4623 |
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. Published: October 25, 2014; 6:55:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-3275 |
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities." Published: July 19, 2013; 10:36:13 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-3274 |
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors. Published: July 19, 2013; 10:36:13 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2013-0945 |
EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Published: May 03, 2013; 7:57:44 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0944 |
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL. Published: May 03, 2013; 7:57:44 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2012-2291 |
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack. Published: January 21, 2013; 4:55:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-4610 |
EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client. Published: October 31, 2012; 6:50:32 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.3 LOW |