Lucene search

Avamar Security Vulnerabilities - January

cve

CVE-2010-1919

Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.

6.8AI Score

0.021EPSS

2010-05-28 06:30 PM

cve

CVE-2011-0442

The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.

6.4AI Score

0.002EPSS

2011-03-16 10:55 PM

cve

CVE-2011-0648

Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors.

6.6AI Score

0.005EPSS

2011-03-16 10:55 PM

cve

CVE-2011-1740

EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain.

6AI Score

0.002EPSS

2011-09-19 12:02 PM

cve

CVE-2012-2291

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.

6.9AI Score

0.0004EPSS

2013-01-21 09:55 PM

cve

CVE-2012-4610

EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client.

6.5AI Score

0.006EPSS

2012-10-31 10:50 AM

cve

CVE-2013-0944

The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.

6.3AI Score

0.001EPSS

2013-05-03 11:57 AM

cve

CVE-2013-0945

EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

6.7AI Score

0.001EPSS

2013-05-03 11:57 AM

cve

CVE-2014-4623

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force ...

6.7AI Score

0.002EPSS

2014-10-25 10:55 AM

cve

CVE-2016-0906

The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.

8.8CVSS

8AI Score

0.002EPSS

2016-07-06 02:59 PM