CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-15548 – EMC Avamar Server / NetWorker Virtual Edition / Integrated Data Protection Applianc Bypass / Upload / Traversal
https://notcve.org/view.php?id=CVE-2017-15548
05 Jan 2018 — An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection A... • http://seclists.org/fulldisclosure/2018/Jan/17 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 1%CPEs: 18EXPL: 0CVE-2017-15549 – EMC Avamar Server / NetWorker Virtual Edition / Integrated Data Protection Applianc Bypass / Upload / Traversal
https://notcve.org/view.php?id=CVE-2017-15549
05 Jan 2018 — An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data... • http://seclists.org/fulldisclosure/2018/Jan/17 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 1%CPEs: 18EXPL: 0CVE-2017-15550 – EMC Avamar Server / NetWorker Virtual Edition / Integrated Data Protection Applianc Bypass / Upload / Traversal
https://notcve.org/view.php?id=CVE-2017-15550
05 Jan 2018 — An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2... • http://seclists.org/fulldisclosure/2018/Jan/17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2017-4990 – EMC Avamar File Upload / Authentication Bypass
https://notcve.org/view.php?id=CVE-2017-4990
21 Jun 2017 — In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system. En EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233 y 7.3.0-226, un atacante no autorizado podría aprovechar la característica de subida de archivos de la página de mantenimient... • http://www.securityfocus.com/archive/1/540754/30/0/threaded • CWE-434: Unrestricted Upload of File with Dangerous Type •