CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
70.0%
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.
Vendor | Product | Version | CPE |
---|---|---|---|
emc | avamar_server | 7.1-21 | cpe:2.3:a:emc:avamar_server:7.1-21:sp2:*:*:*:*:*:* |
emc | avamar_server | 7.1-145 | cpe:2.3:a:emc:avamar_server:7.1-145:sp1:*:*:*:*:*:* |
emc | avamar_server | 7.1-302 | cpe:2.3:a:emc:avamar_server:7.1-302:*:*:*:*:*:*:* |
emc | avamar_server | 7.1-370 | cpe:2.3:a:emc:avamar_server:7.1-370:*:*:*:*:*:*:* |
emc | avamar_server | 7.2-32 | cpe:2.3:a:emc:avamar_server:7.2-32:sp1:*:*:*:*:*:* |
emc | avamar_server | 7.2-309 | cpe:2.3:a:emc:avamar_server:7.2-309:*:*:*:*:*:*:* |
emc | avamar_server | 7.2-401 | cpe:2.3:a:emc:avamar_server:7.2-401:*:*:*:*:*:*:* |
emc | avamar_server | 7.3-125 | cpe:2.3:a:emc:avamar_server:7.3-125:sp1:*:*:*:*:*:* |
emc | avamar_server | 7.3-211 | cpe:2.3:a:emc:avamar_server:7.3-211:*:*:*:*:*:*:* |
emc | avamar_server | 7.3-226 | cpe:2.3:a:emc:avamar_server:7.3-226:*:*:*:*:*:*:* |
[
{
"product": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
70.0%