Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

NetWorker Security Vulnerabilities

cve
cve

CVE-2001-0910

Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.

6.8AI Score

0.008EPSS

2002-02-02 05:00 AM
22
cve
cve

CVE-2002-0113

EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platfo...

6.1AI Score

0.0004EPSS

2002-03-25 05:00 AM
23
cve
cve

CVE-2002-0114

EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.

6.7AI Score

0.0004EPSS

2002-03-25 05:00 AM
31
cve
cve

CVE-2006-3892

The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.

7.4AI Score

0.075EPSS

2007-03-02 09:18 PM
19
cve
cve

CVE-2011-0321

librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial...

6.7AI Score

0.026EPSS

2011-02-01 06:00 PM
22
cve
cve

CVE-2011-1421

EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors.

6.7AI Score

0.0004EPSS

2011-04-22 10:55 AM
23
cve
cve

CVE-2012-0395

Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.

8.4AI Score

0.074EPSS

2022-10-03 04:15 PM
107
cve
cve

CVE-2012-2288

Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.

7.6AI Score

0.943EPSS

2012-09-04 11:04 AM
141
cve
cve

CVE-2012-4607

Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data.

8AI Score

0.057EPSS

2022-10-03 04:15 PM
109
cve
cve

CVE-2013-0940

The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.

6.7AI Score

0.0004EPSS

2022-10-03 04:15 PM
23
cve
cve

CVE-2013-0943

EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.

6AI Score

0.0004EPSS

2022-10-03 04:15 PM
20
cve
cve

CVE-2013-3285

The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.

6.5AI Score

0.001EPSS

2022-10-03 04:14 PM
21
cve
cve

CVE-2014-4620

The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

6AI Score

0.0004EPSS

2014-10-25 10:55 AM
20
cve
cve

CVE-2015-0530

Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors.

6.9AI Score

0.0004EPSS

2015-04-17 01:59 AM
22
cve
cve

CVE-2015-6849

EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages.

7.1AI Score

0.004EPSS

2015-12-05 03:59 AM
22
cve
cve

CVE-2016-0916

EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.

9.8CVSS

9.7AI Score

0.002EPSS

2016-06-10 01:59 AM
19
cve
cve

CVE-2017-15548

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized ...

9.8CVSS

9.6AI Score

0.006EPSS

2018-01-05 05:29 PM
29
cve
cve

CVE-2017-15549

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted...

8.8CVSS

8.7AI Score

0.003EPSS

2018-01-05 05:29 PM
36
cve
cve

CVE-2017-15550

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system...

8.8CVSS

8.7AI Score

0.003EPSS

2018-01-05 05:29 PM
29
cve
cve

CVE-2017-8022

An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary ...

8.1CVSS

8.7AI Score

0.008EPSS

2017-10-18 03:29 PM
26
cve
cve

CVE-2023-24568

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.

5CVSS

4.7AI Score

0.0005EPSS

2023-05-30 04:15 PM
20
cve
cve

CVE-2023-25539

Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerabl...

9.8CVSS

9.8AI Score

0.003EPSS

2023-05-31 05:15 AM
22
cve
cve

CVE-2023-28055

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks...

8.8CVSS

9.1AI Score

0.001EPSS

2023-09-27 03:18 PM
11
cve
cve

CVE-2024-22432

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured ...

7.8CVSS

6.3AI Score

0.0004EPSS

2024-01-25 03:15 PM
16