Page 2 of 14 results (0.003 seconds)

CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. EMC Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en versiones 7.3 y versiones anteriores contienen una vulnerabilidad que podría exponer a los servidores Avamar a ser potencialmente comprometidos por usuarios maliciosos. • http://www.securityfocus.com/archive/1/539613 http://www.securityfocus.com/bid/93788 http://www.securitytracker.com/id/1037066 • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 permiten a usuarios locales obtener privilegios de root aprovechando el acceso de administrador e introduciendo un comando sudo. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securityfocus.com/bid/93032 http://www.securitytracker.com/id/1036844 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 permiten a usuarios locales obtener acceso de root a través de un parámetro manipulado para un comando que está disponible en la configuración de sudo. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securitytracker.com/id/1036844 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 confía en la autenticación del lado del cliente, lo que permite a atacantes remotos suplantar a clientes y leer datos de recuperación a través de un agente de cliente modificado. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securityfocus.com/bid/93026 http://www.securitytracker.com/id/1036844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 utiliza permisos débiles para directorios no especificados, lo que permite a usuarios locales obtener acceso de root mediante el reemplazo de una secuencia de comandos con un programa con troyano. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securityfocus.com/bid/93032 http://www.securitytracker.com/id/1036844 • CWE-264: Permissions, Privileges, and Access Controls •