9.8

CVE-2017-4989

EPSS 2.97%
Veröffentlicht 21.06.2017 20:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emc ≫ Avamar Server Version7.2.0-401

Emc ≫ Avamar Server Version7.2.1-31

Emc ≫ Avamar Server Version7.2.1-32

Emc ≫ Avamar Server Version7.3.0-226

Emc ≫ Avamar Server Version7.3.0-233

Emc ≫ Avamar Server Version7.3.1-125

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.97%	0.858

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/archive/1/540754/30/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/99243

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038718

https://nvd.nist.gov/vuln/detail/CVE-2017-4989

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-4989

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-4989

EUVD