9
CVE-2017-15549
- EPSS 2.35%
- Published 05.01.2018 17:29:00
- Last modified 21.11.2024 03:14:45
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
Data is provided by the National Vulnerability Database (NVD)
Emc ≫ Avamar Server Version7.1-21 Updatesp2
Emc ≫ Avamar Server Version7.1-145 Updatesp1
Emc ≫ Avamar Server Version7.1-302
Emc ≫ Avamar Server Version7.1-370
Emc ≫ Avamar Server Version7.2-32 Updatesp1
Emc ≫ Avamar Server Version7.2-309
Emc ≫ Avamar Server Version7.2-401
Emc ≫ Avamar Server Version7.3-125 Updatesp1
Emc ≫ Avamar Server Version7.3-211
Emc ≫ Avamar Server Version7.3-226
Emc ≫ Avamar Server Version7.3-233
Emc ≫ Avamar Server Version7.4-58 Updatesp1
Emc ≫ Avamar Server Version7.4-242
Emc ≫ Avamar Server Version7.5-183
Emc ≫ Integrated Data Protection Appliance Version2.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.35% | 0.842 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.