Vulnerabilites related to emc - avamar_server_virtual_edition
CVE-2015-4527 (GCVE-0-2015-4527)
Vulnerability from cvelistv5
Published
2015-07-23 14:00
Modified
2024-08-06 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2015/Jul/110 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1033026 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150722 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/110"
},
{
"name": "1033026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-14T16:57:05",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150722 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/110"
},
{
"name": "1033026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150722 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/110"
},
{
"name": "1033026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4527",
"datePublished": "2015-07-23T14:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0909 (GCVE-0-2016-0909)
Vulnerability from cvelistv5
Published
2016-11-15 19:00
Modified
2024-08-05 22:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Privilege Management
Summary
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1037066 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/539613 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93788 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Avamar Data Store (ADS) versions 7.3.0 and older, Avamar Virtual Edition (AVE) versions 7.3.0 and older |
Version: EMC Avamar Data Store (ADS) versions 7.3.0 and older, Avamar Virtual Edition (AVE) versions 7.3.0 and older |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:40.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037066",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539613"
},
{
"name": "93788",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Avamar Data Store (ADS) versions 7.3.0 and older, Avamar Virtual Edition (AVE) versions 7.3.0 and older",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Avamar Data Store (ADS) versions 7.3.0 and older, Avamar Virtual Edition (AVE) versions 7.3.0 and older"
}
]
}
],
"datePublic": "2016-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Privilege Management",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1037066",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/539613"
},
{
"name": "93788",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Avamar Data Store (ADS) versions 7.3.0 and older, Avamar Virtual Edition (AVE) versions 7.3.0 and older",
"version": {
"version_data": [
{
"version_value": "EMC Avamar Data Store (ADS) versions 7.3.0 and older, Avamar Virtual Edition (AVE) versions 7.3.0 and older"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037066",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037066"
},
{
"name": "http://www.securityfocus.com/archive/1/539613",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/539613"
},
{
"name": "93788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0909",
"datePublished": "2016-11-15T19:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:40.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3274 (GCVE-0-2013-3274)
Vulnerability from cvelistv5
Published
2013-07-18 22:00
Modified
2024-09-17 01:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:36.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-18T22:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-3274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-3274",
"datePublished": "2013-07-18T22:00:00Z",
"dateReserved": "2013-04-26T00:00:00Z",
"dateUpdated": "2024-09-17T01:10:51.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3275 (GCVE-0-2013-3275)
Vulnerability from cvelistv5
Published
2013-07-18 22:00
Modified
2024-09-17 01:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to \"cross frame scripting vulnerabilities.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-18T22:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-3275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to \"cross frame scripting vulnerabilities.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-3275",
"datePublished": "2013-07-18T22:00:00Z",
"dateReserved": "2013-04-26T00:00:00Z",
"dateUpdated": "2024-09-17T01:35:55.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-07-19 14:36
Modified
2025-04-11 00:51
Severity ?
Summary
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | avamar_server | * | |
| emc | avamar_server | 4.0 | |
| emc | avamar_server | 4.1 | |
| emc | avamar_server | 5.0 | |
| emc | avamar_server | 6.0 | |
| emc | avamar_server_virtual_edition | * | |
| emc | avamar_server_virtual_edition | 4.0 | |
| emc | avamar_server_virtual_edition | 4.1 | |
| emc | avamar_server_virtual_edition | 5.0 | |
| emc | avamar_server_virtual_edition | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:avamar_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA294375-CF0F-446C-8991-22B63809A556",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CEE5DA-62BD-4305-B8A1-8E0A3658ADC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F422350E-D1B5-4C29-9840-F1D4AE865D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9F9112-5CF6-4E9B-8DDF-6235E35DB4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "641AE615-F18D-4E2D-AFC6-507B6094B4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF7BF25-233A-474B-8E57-2D0863AB7A10",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E18A63-4315-48A8-A2D8-61349C0C99D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09242E14-0423-428E-801B-CB454574C474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED8D74A4-9147-4DD6-88C9-5EED728F10AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B9B711-8659-4624-8FBB-122DCD96BCE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "EMC Avamar Server y Avamar Virtual Edition anterior a v7.0 en plataformas Data Store Gen3, Gen4, y Gen4s no determina correctamente la autorizaci\u00f3n para llamadas a m\u00e9todos Java RMI, lo que permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario mediante vectores no especificados."
}
],
"id": "CVE-2013-3274",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-19T14:36:13.050",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-23 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | avamar_server | 7.1 | |
| emc | avamar_server_virtual_edition | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A308E8ED-65E3-4AAC-ACA9-B9B5DBFB3B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "208411F2-A98F-4AE6-88A0-0AD048C3B5B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en EMC Avamar Server 7.x anterior a 7.1.2 y Avamar Virtual Addition (AVE) 7.x anterior a 7.1.2, permite a atacantes remotos leer archivos arbitrarios por medio de la interfaz de cliente Avamar Desktop/Laptop para enviar par\u00e1metros manipulados."
}
],
"id": "CVE-2015-4527",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-23T14:59:01.083",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Jul/110"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1033026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Jul/110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033026"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-19 14:36
Modified
2025-04-11 00:51
Severity ?
Summary
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | avamar_server | * | |
| emc | avamar_server | 4.0 | |
| emc | avamar_server | 4.1 | |
| emc | avamar_server | 5.0 | |
| emc | avamar_server | 6.0 | |
| emc | avamar_server_virtual_edition | * | |
| emc | avamar_server_virtual_edition | 4.0 | |
| emc | avamar_server_virtual_edition | 4.1 | |
| emc | avamar_server_virtual_edition | 5.0 | |
| emc | avamar_server_virtual_edition | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:avamar_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA294375-CF0F-446C-8991-22B63809A556",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CEE5DA-62BD-4305-B8A1-8E0A3658ADC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F422350E-D1B5-4C29-9840-F1D4AE865D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9F9112-5CF6-4E9B-8DDF-6235E35DB4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "641AE615-F18D-4E2D-AFC6-507B6094B4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF7BF25-233A-474B-8E57-2D0863AB7A10",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E18A63-4315-48A8-A2D8-61349C0C99D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09242E14-0423-428E-801B-CB454574C474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED8D74A4-9147-4DD6-88C9-5EED728F10AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B9B711-8659-4624-8FBB-122DCD96BCE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to \"cross frame scripting vulnerabilities.\""
},
{
"lang": "es",
"value": "EMC Avamar Server y Avamar Virtual Edition anterior a v7.0 en plataformas Data Store Gen3, Gen4, y Gen4s no restringe correctamente el uso de elementos FRAME, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener informaci\u00f3n sensible mediante un sitio web especialmente dise\u00f1ado, relacionado con \"cross frame scripting vulnerabilities.\""
}
],
"id": "CVE-2013-3275",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-19T14:36:13.060",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-15 19:30
Modified
2025-04-12 10:46
Severity ?
Summary
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | avamar_data_store | * | |
| emc | avamar_server_virtual_edition | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:avamar_data_store:*:*:*:*:*:*:*:*",
"matchCriteriaId": "729E003F-AD0D-4AF0-9CE3-6CB65B1207A3",
"versionEndIncluding": "7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF82B1DA-F631-4E27-8E6D-5628A3D5F152",
"versionEndIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users."
},
{
"lang": "es",
"value": "EMC Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en versiones 7.3 y versiones anteriores contienen una vulnerabilidad que podr\u00eda exponer a los servidores Avamar a ser potencialmente comprometidos por usuarios maliciosos."
}
],
"id": "CVE-2016-0909",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-15T19:30:00.217",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/archive/1/539613"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/93788"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1037066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/archive/1/539613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037066"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}