Vulnerabilities > EMC > Avamar Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-21 | CVE-2017-4990 | Unrestricted Upload of File with Dangerous Type vulnerability in EMC Avamar Server In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. | 7.5 |
| 2017-06-21 | CVE-2017-4989 | Improper Authentication vulnerability in EMC Avamar Server In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. | 7.5 |
| 2016-09-21 | CVE-2016-0920 | Command Injection vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132 Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | 7.2 |
| 2016-09-21 | CVE-2016-0905 | Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132 Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. | 7.2 |
| 2015-07-23 | CVE-2015-4527 | Information Exposure vulnerability in EMC Avamar Server and Avamar Server Virtual Edition Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters. | 7.8 |