CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-15548
https://notcve.org/view.php?id=CVE-2017-15548
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario remoto malicioso no autenticado puede omitir la autenticación de la aplicación y obtener acceso root no autorizado a los sistemas afectados. • http://seclists.org/fulldisclosure/2018/Jan/17 http://www.securityfocus.com/bid/102352 http://www.securitytracker.com/id/1040070 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-15549
https://notcve.org/view.php?id=CVE-2017-15549
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario remoto malicioso con bajos privilegios podría cargar archivos arbitrarios maliciosamente manipulados en cualquier ubicación del sistema de archivos del servidor. • http://seclists.org/fulldisclosure/2018/Jan/17 http://www.securityfocus.com/bid/102363 http://www.securitytracker.com/id/1040070 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-15550
https://notcve.org/view.php?id=CVE-2017-15550
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario autenticado remoto malicioso con bajos privilegios podría acceder a archivos arbitrarios en el sistema de archivos del servidor en el contexto de la aplicación vulnerable en ejecución mediante un salto de directorio. • http://seclists.org/fulldisclosure/2018/Jan/17 http://www.securityfocus.com/bid/102358 http://www.securitytracker.com/id/1040070 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0903
https://notcve.org/view.php?id=CVE-2016-0903
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 confía en la autenticación del lado del cliente, lo que permite a atacantes remotos suplantar a clientes y leer datos de recuperación a través de un agente de cliente modificado. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securityfocus.com/bid/93026 http://www.securitytracker.com/id/1036844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0904
https://notcve.org/view.php?id=CVE-2016-0904
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 utilizan la misma clave de cifrado a través de instalaciones de clientes diferentes, lo que permite a atacantes remotos vencer mecanismos de protección criptográfico y obtener información sensible del tráfico cliente-servidor aprovechando el conocimiento de esta clave para otra instalación. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securityfocus.com/bid/93026 http://www.securitytracker.com/id/1036844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •