10 matches found
CVE-2012-4610
EMC Avamar Client for VMware 6.1 stores the Avamar server root password in clear text on the proxy client. A user with network access to the proxy and Avamar server could obtain privileged access to the server. EMC issued a security advisory (40843) and hotfixes (e.g., 6.1.100-402) to address thi...
CVE-2013-0945
The CVE-2013-0945 entry concerns EMC Avamar Client prior to 6.1.101-89, where the client does not verify that the server hostname matches the domain name in the server certificate’s CN or SAN. This improper certificate validation allows MITM attackers to spoof SSL servers using an arbitrary valid...
CVE-2011-1740
EMC Avamar 4.x, 5.0.x and 6.0.x prior to 6.0.0-592 are affected by a privilege enforcement bypass that may allow remote authenticated users to modify client data or view sensitive activity by leveraging access across domains. The issue is described in EMC advisory ESA-2011-018 and related CVE-201...
CVE-2010-1919
Summary (CVE-2010-1919) : A DoS vulnerability in EMC Avamar 4.1.x and 5.0 prior to SP1 allows an unauthenticated remote attacker to hang the gsan service by sending a crafted TCP message, potentially requiring a reboot of the affected grid. Affected versions: EMC Avamar 4.1.x and 5.0 (pre-SP1). M...
CVE-2011-0442
EMC Avamar 5.x before 5.0.4 transmits event details in cleartext over service requests and internal emails, potentially exposing sensitive customer information to network sniffing. Affected versions include EMC Avamar 5.0.0-407 and later but prior to 5.0.4 (5.0 SP4). Resolution guidance from EMC ...
CVE-2014-4623
EMC Avamar ADS GEN4(S) and Avamar Virtual Edition (AVE) versions 6.0.x, 6.1.x, and 7.0.x are affected when the Password Hardening package is installed prior to 2.0.0.4. The issue stems from using UNIX DES crypt for password hashing, enabling context-dependent attackers to recover cleartext passwo...
CVE-2016-0906
The CVE-2016-0906 entry describes a vulnerability in EMC Avamar’s web-restore interface present in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) up to versions 7.2.1. An authenticated remote user can read or delete directories via Linux backup-restore operations, indicating improper ac...
CVE-2011-0648
CVE-2011-0648 affects EMC Avamar prior to version 5.0.4-30, where remote authenticated users can gain privileges via unknown vectors. The vulnerability is classified with a high impact (CVSSv2 base score 8.5) and involves complete impact on confidentiality, integrity, and availability. Affected c...
CVE-2012-2291
CVE-2012-2291 affects EMC Avamar Client 4.x/5.x/6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x/5.x/6.x for Oracle. The root cause is world-writable permissions on cache directories, which enables local users to elevate privileges via an unspecified symlink attack. The accompanying secur...
CVE-2013-0944
CVE-2013-0944 affects EMC Avamar Server prior to 6.1.0. The issue resides in the web-based file-restore interface, allowing remote authenticated users to read arbitrary files via a crafted URL. Red Hat and EMC advisories corroborate the vulnerability and provide a remediation path: upgrade to EMC...