Lucene search
+L
EmcAvamar

10 matches found

CVE
CVE
added 2012/10/31 10:0 a.m.66 views

CVE-2012-4610

EMC Avamar Client for VMware 6.1 stores the Avamar server root password in clear text on the proxy client. A user with network access to the proxy and Avamar server could obtain privileged access to the server. EMC issued a security advisory (40843) and hotfixes (e.g., 6.1.100-402) to address thi...

3.3CVSS6.5AI score0.00618EPSS
CVE
CVE
added 2013/05/03 10:0 a.m.53 views

CVE-2013-0945

The CVE-2013-0945 entry concerns EMC Avamar Client prior to 6.1.101-89, where the client does not verify that the server hostname matches the domain name in the server certificate’s CN or SAN. This improper certificate validation allows MITM attackers to spoof SSL servers using an arbitrary valid...

9.3CVSS6.7AI score0.00858EPSS
CVE
CVE
added 2011/09/17 10:0 a.m.52 views

CVE-2011-1740

EMC Avamar 4.x, 5.0.x and 6.0.x prior to 6.0.0-592 are affected by a privilege enforcement bypass that may allow remote authenticated users to modify client data or view sensitive activity by leveraging access across domains. The issue is described in EMC advisory ESA-2011-018 and related CVE-201...

7.7CVSS6AI score0.01126EPSS
CVE
CVE
added 2010/05/28 6:0 p.m.47 views

CVE-2010-1919

Summary (CVE-2010-1919) : A DoS vulnerability in EMC Avamar 4.1.x and 5.0 prior to SP1 allows an unauthenticated remote attacker to hang the gsan service by sending a crafted TCP message, potentially requiring a reboot of the affected grid. Affected versions: EMC Avamar 4.1.x and 5.0 (pre-SP1). M...

7.1CVSS6.8AI score0.02429EPSS
CVE
CVE
added 2011/03/16 10:0 p.m.47 views

CVE-2011-0442

EMC Avamar 5.x before 5.0.4 transmits event details in cleartext over service requests and internal emails, potentially exposing sensitive customer information to network sniffing. Affected versions include EMC Avamar 5.0.0-407 and later but prior to 5.0.4 (5.0 SP4). Resolution guidance from EMC ...

3.5CVSS6.4AI score0.01061EPSS
CVE
CVE
added 2014/10/25 10:0 a.m.47 views

CVE-2014-4623

EMC Avamar ADS GEN4(S) and Avamar Virtual Edition (AVE) versions 6.0.x, 6.1.x, and 7.0.x are affected when the Password Hardening package is installed prior to 2.0.0.4. The issue stems from using UNIX DES crypt for password hashing, enabling context-dependent attackers to recover cleartext passwo...

4.3CVSS6.7AI score0.01593EPSS
CVE
CVE
added 2016/07/06 2:0 p.m.45 views

CVE-2016-0906

The CVE-2016-0906 entry describes a vulnerability in EMC Avamar’s web-restore interface present in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) up to versions 7.2.1. An authenticated remote user can read or delete directories via Linux backup-restore operations, indicating improper ac...

8.8CVSS8AI score0.0158EPSS
CVE
CVE
added 2011/03/16 10:0 p.m.44 views

CVE-2011-0648

CVE-2011-0648 affects EMC Avamar prior to version 5.0.4-30, where remote authenticated users can gain privileges via unknown vectors. The vulnerability is classified with a high impact (CVSSv2 base score 8.5) and involves complete impact on confidentiality, integrity, and availability. Affected c...

8.5CVSS6.6AI score0.02518EPSS
CVE
CVE
added 2013/01/21 9:0 p.m.43 views

CVE-2012-2291

CVE-2012-2291 affects EMC Avamar Client 4.x/5.x/6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x/5.x/6.x for Oracle. The root cause is world-writable permissions on cache directories, which enables local users to elevate privileges via an unspecified symlink attack. The accompanying secur...

7.2CVSS6.9AI score0.00336EPSS
CVE
CVE
added 2013/05/03 10:0 a.m.43 views

CVE-2013-0944

CVE-2013-0944 affects EMC Avamar Server prior to 6.1.0. The issue resides in the web-based file-restore interface, allowing remote authenticated users to read arbitrary files via a crafted URL. Red Hat and EMC advisories corroborate the vulnerability and provide a remediation path: upgrade to EMC...

3.5CVSS6.3AI score0.00861EPSS