Avamar@* Security Vulnerabilities and Issues — Avamar@* CVE List

Lucene search

EmcAvamar*

5 matches found

CVE•added 2013/05/03 11:57 a.m.•38 views

CVE-2013-0945

EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

9.3CVSS6.7AI score0.00201EPSS

CVE•added 2010/05/28 6:30 p.m.•33 views

CVE-2010-1919

Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.

7.1CVSS6.8AI score0.01659EPSS

CVE•added 2011/03/16 10:55 p.m.•31 views

CVE-2011-0442

The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.

3.5CVSS6.4AI score0.00385EPSS

CVE•added 2011/03/16 10:55 p.m.•30 views

CVE-2011-0648

Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors.

8.5CVSS6.6AI score0.02531EPSS

CVE•added 2016/07/06 2:59 p.m.•29 views

CVE-2016-0906

The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.

8.8CVSS8AI score0.00404EPSS