CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-15548 – EMC Avamar Server / NetWorker Virtual Edition / Integrated Data Protection Applianc Bypass / Upload / Traversal
https://notcve.org/view.php?id=CVE-2017-15548
05 Jan 2018 — An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection A... • http://seclists.org/fulldisclosure/2018/Jan/17 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 2%CPEs: 18EXPL: 0CVE-2017-15549 – EMC Avamar Server / NetWorker Virtual Edition / Integrated Data Protection Applianc Bypass / Upload / Traversal
https://notcve.org/view.php?id=CVE-2017-15549
05 Jan 2018 — An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data... • http://seclists.org/fulldisclosure/2018/Jan/17 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 3%CPEs: 18EXPL: 0CVE-2017-15550 – EMC Avamar Server / NetWorker Virtual Edition / Integrated Data Protection Applianc Bypass / Upload / Traversal
https://notcve.org/view.php?id=CVE-2017-15550
05 Jan 2018 — An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2... • http://seclists.org/fulldisclosure/2018/Jan/17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •