6.5
CVE-2011-0546
- EPSS 1.61%
- Veröffentlicht 31.05.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:27:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Symantec ≫ Backup Exec Version11.0
Symantec ≫ Backup Exec Version12.0
Symantec ≫ Backup Exec Version12.5
Symantec ≫ Backup Exec Version13.0
Symantec ≫ Backup Exec Version13.0 Updater2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.61% | 0.727 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.5 | 10 |
AV:A/AC:H/Au:S/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://marc.info/?l=bugtraq&m=131489365508507&w=2
http://secunia.com/advisories/44698
http://securityreason.com/securityalert/8300
http://www.securityfocus.com/bid/47824
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00