ID CVE-2012-2284
Summary The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
References
Vulnerable Configurations
  • EMC NetWorker Module for Microsoft Applications 2.4
    cpe:2.3:a:emc:networker_module_for_microsoft_applications:2.4
  • EMC NetWorker Module for Microsoft Applications 2.3
    cpe:2.3:a:emc:networker_module_for_microsoft_applications:2.3
  • EMC NetWorker Module for Microsoft Applications 2.2.1
    cpe:2.3:a:emc:networker_module_for_microsoft_applications:2.2.1
  • Microsoft Exchange Server
    cpe:2.3:a:microsoft:exchange_server
CVSS
Base: 2.1 (as of 19-10-2012 - 09:42)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family Windows
NASL id EMC_NETWORKER_MODULE_2_4_375.NASL
description The version of EMC NetWorker (formerly Legato NetWorker) Module for Microsoft Applications installed on the remote host is 2.2.1, 2.3 prior to 2.3 build 122, or 2.4 prior to 2.4 build 375. As such, it reportedly is affected by multiple vulnerabilities, including arbitrary code execution and an information disclosure vulnerability that could allow an attacker the ability to obtain plaintext credentials.
last seen 2019-02-21
modified 2018-11-15
plugin id 62946
published 2012-11-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=62946
title EMC NetWorker Module for Microsoft Applications 2.2.1 / 2.3.x < 2.3 build 122 / 2.4.x < 2.4 build 375 Multiple Vulnerabilities
refmap via4
bid 55883
bugtraq 20121010 ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities
osvdb 86157
sectrack 1027647
secunia 50957
Last major update 18-04-2013 - 23:21
Published 18-10-2012 - 13:55
Back to Top