Vulnerabilities > EMC > Avamar > 6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-06 | CVE-2016-0906 | Improper Access Control vulnerability in EMC Avamar The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation. | 6.5 |
| 2014-10-25 | CVE-2014-4623 | Cryptographic Issues vulnerability in EMC Avamar EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | 4.3 |
| 2013-05-03 | CVE-2013-0945 | Improper Input Validation vulnerability in EMC Avamar EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 9.3 |
| 2012-10-31 | CVE-2012-4610 | Credentials Management vulnerability in EMC Avamar 6.1 EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client. | 3.3 |