CVE-2014-4624
EMC Avamar Sensitive Information Disclosure
Public Exploits: 0
Exploited in Wild: -
Descriptions
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.
EMC Avamar server contains a vulnerability that may allow remote Avamar client user to retrieve sensitive account credentials from affected Avamar server using Java API calls. No authentication to Avamar server is required for this potential attack. Exposed information includes MCUser and GSAN account passwords of all grid systems that are being monitored in EMC Avamar Enterprise Manager. EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x up to and including 7.0.2-43 are affected.
Timeline
- 2014-06-24 CVE Reserved
- 2014-10-24 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (11)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2014-10/0147.html | Mailing List | |
http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html | X_refsource_misc | |
http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html | X_refsource_misc | |
http://secunia.com/advisories/61663 | Third Party Advisory | |
http://secunia.com/advisories/61950 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/533813/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/70709 | Vdb Entry | |
http://www.securitytracker.com/id/1031114 | Vdb Entry | |
http://www.securitytracker.com/id/1031118 | Vdb Entry | |
http://www.vmware.com/security/advisories/VMSA-2014-0011.html | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/97729 | Vdb Entry | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Avamar Virtual Edition | 6.0 | * | - | Affected |
Avamar Virtual Edition | 6.0.402 | * | - | Affected |
Avamar Virtual Edition | 7.0 | * | - | Affected |
Avamar Virtual Edition | 7.0.2-43 | * | - | Affected |