An issue exists in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
emc integrated data protection appliance 2.0 |
||
emc networker 9.2 |
||
emc networker 9.1 |
||
emc networker 9.0 |
||
emc avamar server 7.5-183 |
||
emc avamar server 7.4-242 |
||
emc avamar server 7.4-58 |
||
emc avamar server 7.3-211 |
||
emc avamar server 7.3-226 |
||
emc avamar server 7.3-233 |
||
emc avamar server 7.3-125 |
||
emc avamar server 7.2-309 |
||
emc avamar server 7.2-401 |
||
emc avamar server 7.2-32 |
||
emc avamar server 7.1-302 |
||
emc avamar server 7.1-370 |
||
emc avamar server 7.1-145 |
||
emc avamar server 7.1-21 |
And two other security bugs
VMware on Tuesday published a security advisory for its vSphere Data Protection (VDP) backup and recovery product. The virtualization giant identified three vulnerabilities, one of which it deems critical, with the two others categorized as important. The issues affect VDP 5.x, 6.0.x, and 6.1.x. CVE-2017-15548 is the critical flaw, which the biz described as a remote authentication bypass. If exploited, it could allow a remote unauthenticated attacker to bypass authentication protections, and ga...