Published: 05/01/2018 Updated: 18/01/2018

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

An issue exists in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.

Vulnerable Product	Search on Vulmon	Subscribe to Product
emc avamar server 7.5-183
emc avamar server 7.4-242
emc avamar server 7.2-32
emc avamar server 7.1-302
emc avamar server 7.1-370
emc avamar server 7.1-145
emc integrated data protection appliance 2.0
emc networker 9.1
emc avamar server 7.3-233
emc avamar server 7.2-309
emc avamar server 7.4-58
emc avamar server 7.3-211
emc avamar server 7.3-226
emc networker 9.2
emc networker 9.0
emc avamar server 7.3-125
emc avamar server 7.2-401
emc avamar server 7.1-21

Attention, vSphere VDP backup admins: There is a little remote root hole you need to patch...

The Register • Thomas Claburn in San Francisco • 03 Jan 2018

And two other security bugs

VMware on Tuesday published a security advisory for its vSphere Data Protection (VDP) backup and recovery product. The virtualization giant identified three vulnerabilities, one of which it deems critical, with the two others categorized as important. The issues affect VDP 5.x, 6.0.x, and 6.1.x. CVE-2017-15548 is the critical flaw, which the biz described as a remote authentication bypass. If exploited, it could allow a remote unauthenticated attacker to bypass authentication protections, and ga...

CVE-2017-15550

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect