Vulnerabilities > EMC > Avamar > 5.0.0.407

DATE CVE VULNERABILITY TITLE RISK
2016-07-06 CVE-2016-0906 Improper Access Control vulnerability in EMC Avamar
The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.
network
low complexity
emc CWE-284
6.5
6.5
2013-05-03 CVE-2013-0945 Improper Input Validation vulnerability in EMC Avamar
EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
emc CWE-20
critical
 9.3
9.3
2013-05-03 CVE-2013-0944 Information Exposure vulnerability in EMC Avamar
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.
network
emc CWE-200
3.5
3.5
2013-01-21 CVE-2012-2291 Permissions, Privileges, and Access Controls vulnerability in EMC Avamar and Avamar Plugin
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
local
low complexity
emc apple hp CWE-264
7.2
7.2
2011-09-19 CVE-2011-1740 Permissions, Privileges, and Access Controls vulnerability in EMC Avamar
EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain.
low complexity
emc CWE-264
7.7
7.7
2011-03-16 CVE-2011-0648 Remote Privilege Escalation vulnerability in EMC Avamar (CVE-2011-0648)
Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors.
network
emc
8.5
8.5
2011-03-16 CVE-2011-0442 Cryptographic Issues vulnerability in EMC Avamar
The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.
network
emc CWE-310
3.5
3.5