Lucene search

[email protected]CVE-2013-4677

HistoryAug 05, 2013 - 1:22 p.m.

CVE-2013-4677

2013-08-0513:22:00

CWE-264

[email protected]

web.nvd.nist.gov

symantec

backup exec

weak permissions

security vulnerability

nvd

6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.3%

JSON

Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files.

CPENameOperatorVersion
symantec:backup_execsymantec backup execeq2010
symantec:backup_execsymantec backup execeq2010_r3
symantec:backup_execsymantec backup execeq2012

CPE	Name	Operator	Version
symantec:backup_exec	symantec backup exec	eq	2010
symantec:backup_exec	symantec backup exec	eq	2010_r3
symantec:backup_exec	symantec backup exec	eq	2012

References

osvdb.org/95939

www.securityfocus.com/bid/61487

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00

6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.3%

JSON

Related for CVE-2013-4677

cvelist1 prion1 nessus1 kaspersky1