Vulnerabilities > EMC > Avamar Server

DATE CVE VULNERABILITY TITLE RISK
2018-01-05 CVE-2017-15550 Path Traversal vulnerability in EMC products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.
network
low complexity
emc CWE-22
critical
9.0
2018-01-05 CVE-2017-15549 Unrestricted Upload of File with Dangerous Type vulnerability in EMC products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.
network
low complexity
emc CWE-434
critical
9.0
2018-01-05 CVE-2017-15548 Improper Authentication vulnerability in EMC products
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0.
network
low complexity
emc CWE-287
critical
10.0
2017-06-21 CVE-2017-4990 Unrestricted Upload of File with Dangerous Type vulnerability in EMC Avamar Server
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.
network
low complexity
emc CWE-434
7.5
2017-06-21 CVE-2017-4989 Improper Authentication vulnerability in EMC Avamar Server
In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page.
network
low complexity
emc CWE-287
7.5
2016-09-21 CVE-2016-0921 Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.
local
emc CWE-264
6.9
2016-09-21 CVE-2016-0920 Command Injection vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.
local
low complexity
emc CWE-77
7.2
2016-09-21 CVE-2016-0905 Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.
local
low complexity
emc CWE-264
7.2
2016-09-21 CVE-2016-0904 Information Exposure vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation.
network
low complexity
emc CWE-200
5.0
2016-09-21 CVE-2016-0903 Information Exposure vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.
network
low complexity
emc CWE-200
6.4