Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2009-3027

Published: 11/12/2009 Updated: 10/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Symantec

Vulnerability Summary

VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA up to and including 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA up to and including 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote malicious users to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.

Vulnerable Product Search on Vulmon Subscribe to Product

symantec veritas backup exec 11d

symantec veritas backup exec 12.0

symantec veritas storage foundation for sybase 5.0

symantec veritas storage foundation for oracle real application cluster 5.0

symantec veritas storage foundation for oracle real application cluster 4.1

symantec veritas storage foundation for windows high availability 4.3mp2

symantec veritas netbackup operations manager 6.5.5

symantec veritas netbackup reporter 6.0_ga

symantec veritas storage foundation for windows high availability 5.1

symantec veritas storage foundation for windows high availability 5.0rp2

symantec veritas storage foundation for db2 4.1

symantec veritas storage foundation manager 1.1

symantec veritas storage foundation manager 1.1.1ux

symantec veritas cluster server 4.1

symantec veritas cluster server one 2.0.2

symantec veritas application director 1.1

symantec veritas storage foundation cluster file system 5.0

symantec veritas storage foundation cluster file system 4.1

symantec veritas storage foundation cluster file system 4.0

symantec veritas command central enterprise reporter 5.0mp1

symantec veritas command central enterprise reporter 5.0mp1rp1

symantec veritas netbackup reporter 6.6

symantec veritas storage foundation for sybase 4.1

symantec veritas storage foundation for oracle real application cluster 4.0

symantec veritas storage foundation for windows high availability 5.0rp1a

symantec veritas storage foundation for windows high availability 5.0

symantec veritas storage foundation for db2 5.0

symantec veritas storage foundation manager 1.1.1win

symantec veritas storage foundation manager 2.0

symantec veritas cluster server 5.0

symantec veritas cluster server management console 5.1

symantec veritas storage foundation cluster file system for oracle rac 5.0

symantec veritas command central storage 4.x

symantec veritas command central storage change manager 5.0

symantec veritas command central storage change manager 5.1

symantec veritas micromeasure 5.0

symantec veritas storage foundation for high availability 3.5

symantec veritas storage foundation for oracle 4.1

symantec veritas cluster server 3.5

symantec veritas cluster server 4.0

symantec veritas cluster server management console 5.5

symantec veritas cluster server management console 5.5.1

symantec veritas storage foundation cluster file system 3.5

symantec veritas command central storage 5.0

symantec veritas command central storage 5.1

symantec backup exec continuous protection server 11d

symantec backup exec continuous protection server 12.0

symantec veritas backup exec 12.5

symantec veritas netbackup operations manager 6.0_ga

symantec veritas storage foundation 3.5

symantec veritas storage foundation for windows high availability 5.1ap1

symantec veritas storage foundation for oracle 5.0

symantec veritas storage foundation for oracle 5.0.1

symantec veritas storage foundation for oracle real application cluster 3.5

symantec veritas storage foundation manager 1.0

symantec veritas storage foundation manager 1.0mp1

symantec veritas cluster server one 2.0

symantec veritas cluster server one 2.0.1

symantec veritas command central enterprise reporter 5.0_ga

symantec veritas command central enterprise reporter 5.1

symantec backup exec continuous protection server 12.5

symantec veritas storae foundation 3.5_onwards

References

CWE-287http://www.zerodayinitiative.com/advisories/ZDI-09-098/http://secunia.com/advisories/37631http://securitytracker.com/id?1023309http://seer.entsupport.symantec.com/docs/337279.htmhttp://seer.entsupport.symantec.com/docs/336988.htmhttp://www.osvdb.org/60884http://marc.info/?l=bugtraq&m=126046186917330&w=2http://seer.entsupport.symantec.com/docs/337392.htmhttp://securitytracker.com/id?1023312http://seer.entsupport.symantec.com/docs/337293.htmhttp://secunia.com/advisories/37637http://www.securityfocus.com/bid/37012http://www.vupen.com/english/advisories/2009/3467http://seer.entsupport.symantec.com/docs/337859.htmhttp://seer.entsupport.symantec.com/docs/337930.htmhttp://secunia.com/advisories/37685http://www.securitytracker.com/id?1023318http://www.securitytracker.com/id?1023313http://www.securitytracker.com/id?1023311http://www.vupen.com/english/advisories/2009/3483http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091209_00https://exchange.xforce.ibmcloud.com/vulnerabilities/54665https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986http://www.securityfocus.com/archive/1/508358/100/0/threadedhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-1183hard-codedCVE-2024-28254CVE-2023-43790buffer overflowbypassCVE-2024-32633CVE-2024-1874CVE-2024-23558
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook