Vulnerabilities > EMC > Avamar Server > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-05 | CVE-2017-15548 | Improper Authentication vulnerability in EMC products An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. | 9.8 |
| 2017-06-21 | CVE-2017-4989 | Improper Authentication vulnerability in EMC Avamar Server In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. | 9.8 |
| 2017-06-21 | CVE-2017-4990 | Unrestricted Upload of File with Dangerous Type vulnerability in EMC Avamar Server In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | 9.8 |
| 2016-09-21 | CVE-2016-0903 | Information Exposure vulnerability in EMC Avamar Server Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. | 9.1 |