Emc

Avamar

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2016-0906

  • EPSS 0.41%
  • Veröffentlicht 06.07.2016 14:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.

4.3

CVE-2014-4623

  • EPSS 0.33%
  • Veröffentlicht 25.10.2014 10:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers...

3.5

CVE-2013-0944

  • EPSS 0.16%
  • Veröffentlicht 03.05.2013 11:57:44
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.

9.3

CVE-2013-0945

  • EPSS 0.2%
  • Veröffentlicht 03.05.2013 11:57:44
  • Zuletzt bearbeitet 11.04.2025 00:51:21

EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a...

7.2

CVE-2012-2291

  • EPSS 0.03%
  • Veröffentlicht 21.01.2013 21:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.

3.3

CVE-2012-4610

  • EPSS 0.18%
  • Veröffentlicht 31.10.2012 10:50:32
  • Zuletzt bearbeitet 11.04.2025 00:51:21

EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client.

7.7

CVE-2011-1740

  • EPSS 0.36%
  • Veröffentlicht 19.09.2011 12:02:54
  • Zuletzt bearbeitet 11.04.2025 00:51:21

EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain.

3.5

CVE-2011-0442

  • EPSS 0.39%
  • Veröffentlicht 16.03.2011 22:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.

8.5

CVE-2011-0648

  • EPSS 2.53%
  • Veröffentlicht 16.03.2011 22:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors.

7.1

CVE-2010-1919

  • EPSS 1.66%
  • Veröffentlicht 28.05.2010 18:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.