CVE-2017-12478

🗓️ 07 Aug 2017 15:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 105 Views🌐 WEB

Unitrends Backup (UB) before 10.0.0 has authentication bypass vulnerabilit

Reporter	Title	Published	Views	Family All 18
0day.today	Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution Exploit	6 Oct 201700:00	–	zdt
0day.today	Unitrends UEB 9 HTTP API/Storage Remote Root Exploit	22 Oct 201700:00	–	zdt
0day.today	Unitrends UEB HTTP API Remote Code Execution Exploit	6 Oct 201800:00	–	zdt
Circl	CVE-2017-12478	8 Aug 201700:00	–	circl
CNVD	Unitrends Backup Authorization Issues Vulnerability (CNVD-2017-28329)	14 Aug 201700:00	–	cnvd
Check Point Advisories	Kaseya Unitrends Backup Remote Code Execution (CVE-2017-12478)	17 May 202200:00	–	checkpoint_advisories
Cvelist	CVE-2017-12478	7 Aug 201715:00	–	cvelist
Exploit DB	Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution	8 Aug 201700:00	–	exploitdb
Exploit DB	Unitrends UEB 9 - http api/storage Remote Root (Metasploit)	23 Oct 201700:00	–	exploitdb
exploitpack	Unitrends UEB 9.1 - Authentication Bypass Remote Command Execution	8 Aug 201700:00	–	exploitpack

NVD

Node

Source	Link
exploit-db	www.exploit-db.com/exploits/45559/
support	www.support.unitrends.com/UnitrendsBackup/s/article/000005756
exploit-db	www.exploit-db.com/exploits/43030/

Parameter	Position	Path	Description	CWE
hostname	path	/api/storage	SQL injection/auth bypass in api/storage enabling command execution	CWE-287
ip	path	/api/hosts	Auth bypass via parameter in api/hosts enabling remote command execution	CWE-287

13 May 2026 00:24Current

9.8High risk

Vulners AI Score9.8

CVSS 3.19.8

CVSS 210

EPSS0.81581