Search criteria
60 vulnerabilities found for networker by emc
FKIE_CVE-2017-15548
Vulnerability from fkie_nvd - Published: 2018-01-05 17:29 - Updated: 2024-11-21 03:14
Severity ?
Summary
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2018/Jan/17 | Issue Tracking, Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/102352 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1040070 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jan/17 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102352 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040070 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | avamar_server | 7.1-21 | |
| emc | avamar_server | 7.1-145 | |
| emc | avamar_server | 7.1-302 | |
| emc | avamar_server | 7.1-370 | |
| emc | avamar_server | 7.2-32 | |
| emc | avamar_server | 7.2-309 | |
| emc | avamar_server | 7.2-401 | |
| emc | avamar_server | 7.3-125 | |
| emc | avamar_server | 7.3-211 | |
| emc | avamar_server | 7.3-226 | |
| emc | avamar_server | 7.3-233 | |
| emc | avamar_server | 7.4-58 | |
| emc | avamar_server | 7.4-242 | |
| emc | avamar_server | 7.5-183 | |
| emc | integrated_data_protection_appliance | 2.0 | |
| emc | networker | 9.0 | |
| emc | networker | 9.1 | |
| emc | networker | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-21:sp2:*:*:*:*:*:*",
"matchCriteriaId": "323E56C6-6B78-451F-A80E-041D54099867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-145:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2D107C2E-A98C-4242-9491-6E9D77C53AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-302:*:*:*:*:*:*:*",
"matchCriteriaId": "4E873853-D132-4395-8A88-1950741E4020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-370:*:*:*:*:*:*:*",
"matchCriteriaId": "5CECC623-D5E1-491A-AE79-890BA83CEF83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.2-32:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0DE64DDE-F009-442D-8287-C2985C7907CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.2-309:*:*:*:*:*:*:*",
"matchCriteriaId": "0E603320-F634-46D0-B3F3-27B43AD853C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.2-401:*:*:*:*:*:*:*",
"matchCriteriaId": "381B1CF4-9A04-419C-97D1-7997E24D78EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-125:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F8E173EB-AA44-4C78-AE35-5A61120A3F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-211:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9B1C79-59E3-4FCE-8268-1125E599CE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-226:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79B2E0-E227-4D30-9EC0-6E186C8E1F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-233:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB11FC4-D82F-4F15-A559-1B86D6FD262D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.4-58:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EEE728F4-0944-4526-98A1-2610A94958AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.4-242:*:*:*:*:*:*:*",
"matchCriteriaId": "F72F4EE3-DE40-4F99-8869-DDCA53E8FBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.5-183:*:*:*:*:*:*:*",
"matchCriteriaId": "3D008A0B-CB0F-4338-811C-02796C31F758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8896568-958B-45D3-893B-30E3D9E4ED5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0:*:*:*:virtual:*:*:*",
"matchCriteriaId": "D4E32F32-86B3-4833-B437-DAA7875637C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.1:*:*:*:virtual:*:*:*",
"matchCriteriaId": "C8608852-5E06-45F1-86F5-EB5E77E6D699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.2:*:*:*:virtual:*:*:*",
"matchCriteriaId": "2D056AFC-8E7B-454D-A190-178ECA69D379",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario remoto malicioso no autenticado puede omitir la autenticaci\u00f3n de la aplicaci\u00f3n y obtener acceso root no autorizado a los sistemas afectados."
}
],
"id": "CVE-2017-15548",
"lastModified": "2024-11-21T03:14:45.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-05T17:29:00.223",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102352"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040070"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15550
Vulnerability from fkie_nvd - Published: 2018-01-05 17:29 - Updated: 2024-11-21 03:14
Severity ?
Summary
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2018/Jan/17 | Issue Tracking, Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/102358 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1040070 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jan/17 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102358 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040070 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | avamar_server | 7.1-21 | |
| emc | avamar_server | 7.1-145 | |
| emc | avamar_server | 7.1-302 | |
| emc | avamar_server | 7.1-370 | |
| emc | avamar_server | 7.2-32 | |
| emc | avamar_server | 7.2-309 | |
| emc | avamar_server | 7.2-401 | |
| emc | avamar_server | 7.3-125 | |
| emc | avamar_server | 7.3-211 | |
| emc | avamar_server | 7.3-226 | |
| emc | avamar_server | 7.3-233 | |
| emc | avamar_server | 7.4-58 | |
| emc | avamar_server | 7.4-242 | |
| emc | avamar_server | 7.5-183 | |
| emc | integrated_data_protection_appliance | 2.0 | |
| emc | networker | 9.0 | |
| emc | networker | 9.1 | |
| emc | networker | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-21:sp2:*:*:*:*:*:*",
"matchCriteriaId": "323E56C6-6B78-451F-A80E-041D54099867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-145:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2D107C2E-A98C-4242-9491-6E9D77C53AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-302:*:*:*:*:*:*:*",
"matchCriteriaId": "4E873853-D132-4395-8A88-1950741E4020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-370:*:*:*:*:*:*:*",
"matchCriteriaId": "5CECC623-D5E1-491A-AE79-890BA83CEF83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.2-32:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0DE64DDE-F009-442D-8287-C2985C7907CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.2-309:*:*:*:*:*:*:*",
"matchCriteriaId": "0E603320-F634-46D0-B3F3-27B43AD853C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.2-401:*:*:*:*:*:*:*",
"matchCriteriaId": "381B1CF4-9A04-419C-97D1-7997E24D78EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-125:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F8E173EB-AA44-4C78-AE35-5A61120A3F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-211:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9B1C79-59E3-4FCE-8268-1125E599CE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-226:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79B2E0-E227-4D30-9EC0-6E186C8E1F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-233:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB11FC4-D82F-4F15-A559-1B86D6FD262D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.4-58:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EEE728F4-0944-4526-98A1-2610A94958AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.4-242:*:*:*:*:*:*:*",
"matchCriteriaId": "F72F4EE3-DE40-4F99-8869-DDCA53E8FBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.5-183:*:*:*:*:*:*:*",
"matchCriteriaId": "3D008A0B-CB0F-4338-811C-02796C31F758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8896568-958B-45D3-893B-30E3D9E4ED5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0:*:*:*:virtual:*:*:*",
"matchCriteriaId": "D4E32F32-86B3-4833-B437-DAA7875637C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.1:*:*:*:virtual:*:*:*",
"matchCriteriaId": "C8608852-5E06-45F1-86F5-EB5E77E6D699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.2:*:*:*:virtual:*:*:*",
"matchCriteriaId": "2D056AFC-8E7B-454D-A190-178ECA69D379",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario autenticado remoto malicioso con bajos privilegios podr\u00eda acceder a archivos arbitrarios en el sistema de archivos del servidor en el contexto de la aplicaci\u00f3n vulnerable en ejecuci\u00f3n mediante un salto de directorio."
}
],
"id": "CVE-2017-15550",
"lastModified": "2024-11-21T03:14:45.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-05T17:29:00.300",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102358"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040070"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15549
Vulnerability from fkie_nvd - Published: 2018-01-05 17:29 - Updated: 2024-11-21 03:14
Severity ?
Summary
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2018/Jan/17 | Issue Tracking, Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/102363 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1040070 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jan/17 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102363 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040070 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | avamar_server | 7.1-21 | |
| emc | avamar_server | 7.1-145 | |
| emc | avamar_server | 7.1-302 | |
| emc | avamar_server | 7.1-370 | |
| emc | avamar_server | 7.2-32 | |
| emc | avamar_server | 7.2-309 | |
| emc | avamar_server | 7.2-401 | |
| emc | avamar_server | 7.3-125 | |
| emc | avamar_server | 7.3-211 | |
| emc | avamar_server | 7.3-226 | |
| emc | avamar_server | 7.3-233 | |
| emc | avamar_server | 7.4-58 | |
| emc | avamar_server | 7.4-242 | |
| emc | avamar_server | 7.5-183 | |
| emc | integrated_data_protection_appliance | 2.0 | |
| emc | networker | 9.0 | |
| emc | networker | 9.1 | |
| emc | networker | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-21:sp2:*:*:*:*:*:*",
"matchCriteriaId": "323E56C6-6B78-451F-A80E-041D54099867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-145:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2D107C2E-A98C-4242-9491-6E9D77C53AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-302:*:*:*:*:*:*:*",
"matchCriteriaId": "4E873853-D132-4395-8A88-1950741E4020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.1-370:*:*:*:*:*:*:*",
"matchCriteriaId": "5CECC623-D5E1-491A-AE79-890BA83CEF83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.2-32:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0DE64DDE-F009-442D-8287-C2985C7907CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.2-309:*:*:*:*:*:*:*",
"matchCriteriaId": "0E603320-F634-46D0-B3F3-27B43AD853C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.2-401:*:*:*:*:*:*:*",
"matchCriteriaId": "381B1CF4-9A04-419C-97D1-7997E24D78EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-125:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F8E173EB-AA44-4C78-AE35-5A61120A3F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-211:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9B1C79-59E3-4FCE-8268-1125E599CE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-226:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79B2E0-E227-4D30-9EC0-6E186C8E1F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.3-233:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB11FC4-D82F-4F15-A559-1B86D6FD262D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.4-58:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EEE728F4-0944-4526-98A1-2610A94958AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.4-242:*:*:*:*:*:*:*",
"matchCriteriaId": "F72F4EE3-DE40-4F99-8869-DDCA53E8FBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:avamar_server:7.5-183:*:*:*:*:*:*:*",
"matchCriteriaId": "3D008A0B-CB0F-4338-811C-02796C31F758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8896568-958B-45D3-893B-30E3D9E4ED5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0:*:*:*:virtual:*:*:*",
"matchCriteriaId": "D4E32F32-86B3-4833-B437-DAA7875637C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.1:*:*:*:virtual:*:*:*",
"matchCriteriaId": "C8608852-5E06-45F1-86F5-EB5E77E6D699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.2:*:*:*:virtual:*:*:*",
"matchCriteriaId": "2D056AFC-8E7B-454D-A190-178ECA69D379",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario remoto malicioso con bajos privilegios podr\u00eda cargar archivos arbitrarios maliciosamente manipulados en cualquier ubicaci\u00f3n del sistema de archivos del servidor."
}
],
"id": "CVE-2017-15549",
"lastModified": "2024-11-21T03:14:45.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-05T17:29:00.253",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102363"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040070"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-8022
Vulnerability from fkie_nvd - Published: 2017-10-18 15:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2017/Oct/35 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securitytracker.com/id/1039583 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Oct/35 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039583 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | networker | * | |
| emc | networker | 9.0.0.3 | |
| emc | networker | 9.0.0.4 | |
| emc | networker | 9.0.0.5 | |
| emc | networker | 9.0.0.6 | |
| emc | networker | 9.0.0.7 | |
| emc | networker | 9.0.0.8 | |
| emc | networker | 9.0.1.1 | |
| emc | networker | 9.0.1.2 | |
| emc | networker | 9.0.1.3 | |
| emc | networker | 9.0.1.4 | |
| emc | networker | 9.0.1.5 | |
| emc | networker | 9.0.1.6 | |
| emc | networker | 9.0.1.7 | |
| emc | networker | 9.0.1.8 | |
| emc | networker | 9.0.1.9 | |
| emc | networker | 9.1.0.3 | |
| emc | networker | 9.1.0.4 | |
| emc | networker | 9.1.0.5 | |
| emc | networker | 9.1.0.6 | |
| emc | networker | 9.1.1.1 | |
| emc | networker | 9.1.1.2 | |
| emc | networker | 9.2.0.1 | |
| emc | networker | 9.2.0.2 | |
| emc | networker | 9.2.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "504CDC85-F6DE-4995-B19E-4E29D0B004A0",
"versionEndIncluding": "8.2.4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "320CDE7C-254C-465E-AB1C-EB2705098A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "973EACF3-9A27-4384-A32B-AF3C94E2C016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69A694E8-43C7-4521-BB4F-69874553F495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D29803-7F5B-4A55-AE34-B77B49AAB3FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "643079B8-7074-40DB-A8CC-D15E8408E34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B4282310-F646-485D-82F3-26D5F545A999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "922E6EAD-B2EE-4593-8B92-0496FFB7E40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3193D3-5B8F-4D6B-9904-29F231D48574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6F04FD-B8B7-4A44-B0F1-F6E999E66937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F604839-43F3-4F85-B45E-EE63924E1A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "38C00A1A-2E11-45D7-9E83-D64F24F81299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DF1A99-B5D8-46C4-A291-D3CB55A95E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80A9C4B4-CE28-45A8-93DD-9CD833082237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C648EF3C-1C68-4A6E-A9F4-C0EE10FDE9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E715F74F-EEE5-45AB-B7D0-FEBB23F029CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E2870EA3-D157-4584-9052-D8BD84FBFB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BAC60D-694D-4D82-B8F8-3E12F7B54DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1740DEF3-E880-4D0A-8FB3-919108AC79CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DF4BA6-AD34-48E2-80ED-1FD60ABD41C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA35C1C-42F8-4DDF-B946-23BB751E8BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03FF8B7F-4E88-4903-87BC-9381BE7753A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B01B7004-6EC2-4D97-B416-9F878C8BBB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C26184C-AC7A-4B13-8774-8F5385D3487A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91E05EA1-EBD2-4A56-A0DF-670442FCDD2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system\u0027s platform."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en EMC NetWorker (versiones anteriores a la 8.2.4.9, todas las versiones 9.0.x con soporte, las anteriores a la 9.1.1.3 y las anteriores a la 9.2.0.4). El servicio Server (nsrd) se ha visto afectado por una vulnerabilidad de desbordamiento de b\u00fafer. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en instalaciones vulnerables del software o provocar una denegaci\u00f3n de servicio, dependiendo de la plataforma del sistema objetivo."
}
],
"id": "CVE-2017-8022",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-18T15:29:00.737",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/35"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039583"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-0916
Vulnerability from fkie_nvd - Published: 2016-06-10 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/bugtraq/2016/Jun/43 | Third Party Advisory | |
| security_alert@emc.com | http://www.securitytracker.com/id/1036075 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2016/Jun/43 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036075 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9E4CA-085E-49A9-A3F0-1244561AA85A",
"versionEndIncluding": "8.2.1.8",
"versionStartIncluding": "8.2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9DB5A5-2A04-4371-BA9A-5120C8D9EF91",
"versionEndExcluding": "8.2.2.6",
"versionStartIncluding": "8.2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80511F65-61E6-4981-9BF6-C6ED9E9BEB13",
"versionEndExcluding": "9.0.0.6",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance."
},
{
"lang": "es",
"value": "EMC NetWorker 8.2.1.x y 8.2.2.x en versiones anteriores a 8.2.2.6 y 9.x en versiones anteriores a 9.0.0.6 no maneja adecuadamente la autenticaci\u00f3n, lo que permite a atacantes remotos ejecutar comandos arbitrarios aprovechando el acceso a una instancia de NetWorker diferente."
}
],
"id": "CVE-2016-0916",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-10T01:59:02.817",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Jun/43"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Jun/43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036075"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-6849
Vulnerability from fkie_nvd - Published: 2015-12-05 03:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:networker:8.0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "27A25145-9B2F-4C9B-8E9B-65E71FDB3EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F38B4D5D-C2F6-45A2-965D-73DECCF094AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8314DE-3BA0-4A54-AEA2-A2666961E82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9424A33B-8A88-41A0-9399-A7201EE75A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6B0E4D-0358-4A1D-9BE5-1840E2D7585A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D386E51-02E1-4BA8-AFD7-BE6EFAFC0082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7832B1E1-6367-4D7C-B1A1-0517EB169378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1A7FCF-5029-41BC-815D-D7089C75A195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EA7A0E-F89B-495F-946B-BE4C773CF475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61CD2EED-A21C-4CE1-8621-626C3723D65F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "25933657-2494-419B-9BA0-E4489B357A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3F38D0-3B95-450F-A212-208473D624D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B8756020-C00B-4035-97AB-B4AA6445342F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE473613-EF12-4E31-87D7-C96E9CADE4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3534CB1D-99B1-4D22-985E-AC4823A74CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E03DDF1E-ACB7-4537-9E3F-6562D684D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C7283326-D640-4F93-9C48-F8847A49435F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1594CC-8F3F-4F54-AF21-D6D1E01B71FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F104816B-1F99-4F01-BDC9-6FB5C0B0C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA1C36-6B73-4DA2-B10F-476BB4D75568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70E3A734-DE86-46C5-B713-AECEA6FDAF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55F82679-EA1D-4D15-8A63-8EBC7EA5E62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "07413EC7-5A1E-464F-B07D-A03552C5758B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "989A6B97-D2D0-4011-A899-1BF20B12A69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "466F5C3D-3BE4-4B7A-9E46-AF244B2ABA2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B64B1B69-A32C-468E-B464-D4EE7A20D52C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81468092-0C4D-464E-8272-32DAA72B9E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19378323-08B1-4F9B-9A72-268B19D1C691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B29894BB-1502-4F61-B961-5D75BDAB104C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE6EA84-5E4B-462F-956B-76CAFA6E4500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "323F4339-8BDE-4CEF-9151-2089F901897E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25E35791-8E1D-4EAF-90EE-49CD9E4369E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06BCB990-3485-4B25-8B36-E3B4060D5857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A555D471-D194-4CD9-871E-3F15C33593B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4988DB2B-8920-42A0-BBB2-F1C710BAA197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D5472494-CC1F-473C-8BF9-622CF068B6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4C06B8B2-D377-4AEE-8660-DA757F23A0BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92AAC072-3EFF-4709-A046-3F4CD82D8CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1844D405-90D6-4E70-9016-F58EAC784B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8982D63A-7143-4BE4-BA31-367860CB7290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FF860F53-437A-40C8-8DDD-27FADA385471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23EF4F7E-26DC-4FE2-A76A-AA4F6C7D1F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1DA8904-166E-4704-AF39-DC2BF6429FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC929F1-D460-4787-B801-D5215F639AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "38AEAB9D-29F3-4711-899A-FC96E3745DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C2512216-4F2D-4B93-98E5-A5C71E00B029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F74F83AE-EEF6-46EC-9A1E-F45E4576A229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18391227-EE1B-4EA9-95A1-B58F7F2325AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C47D51-FE5B-4F39-B6AA-1DEE2B8D2287",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages."
},
{
"lang": "es",
"value": "EMC NetWorker en versiones anteriores a 8.0.4.5, 8.1.x en versiones anteriores a 8.1.3.6, 8.2.x en versiones anteriores a 8.2.2.2 y 9.0 en versiones anteriores a build 407 permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n de proceso) a trav\u00e9s de mensajes de autenticaci\u00f3n RPC mal formados."
}
],
"id": "CVE-2015-6849",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-12-05T03:59:07.520",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Dec/18"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1034287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Dec/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034287"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0530
Vulnerability from fkie_nvd - Published: 2015-04-17 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | networker | * | |
| emc | networker | 8.1.0.0 | |
| emc | networker | 8.1.0.1 | |
| emc | networker | 8.1.0.2 | |
| emc | networker | 8.1.0.3 | |
| emc | networker | 8.1.0.4 | |
| emc | networker | 8.1.0.5 | |
| emc | networker | 8.1.1.0 | |
| emc | networker | 8.1.1.1 | |
| emc | networker | 8.1.1.2 | |
| emc | networker | 8.1.1.3 | |
| emc | networker | 8.1.1.4 | |
| emc | networker | 8.1.1.5 | |
| emc | networker | 8.1.1.6 | |
| emc | networker | 8.1.1.7 | |
| emc | networker | 8.1.1.8 | |
| emc | networker | 8.1.1.9 | |
| emc | networker | 8.1.2.0 | |
| emc | networker | 8.1.2.1 | |
| emc | networker | 8.1.2.2 | |
| emc | networker | 8.1.2.3 | |
| emc | networker | 8.1.2.4 | |
| emc | networker | 8.1.2.5 | |
| emc | networker | 8.2.0.0 | |
| emc | networker | 8.2.0.1 | |
| emc | networker | 8.2.0.2 | |
| emc | networker | 8.2.0.3 | |
| emc | networker | 8.2.0.4 | |
| emc | networker | 8.2.0.5 | |
| emc | networker | 8.2.0.6 | |
| emc | networker | 8.2.1.0 | |
| emc | networker | 8.2.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F91BE7-2B6A-4E6C-B2E7-0C3A06E56C58",
"versionEndIncluding": "8.0.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F38B4D5D-C2F6-45A2-965D-73DECCF094AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8314DE-3BA0-4A54-AEA2-A2666961E82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9424A33B-8A88-41A0-9399-A7201EE75A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6B0E4D-0358-4A1D-9BE5-1840E2D7585A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D386E51-02E1-4BA8-AFD7-BE6EFAFC0082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7832B1E1-6367-4D7C-B1A1-0517EB169378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1A7FCF-5029-41BC-815D-D7089C75A195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EA7A0E-F89B-495F-946B-BE4C773CF475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61CD2EED-A21C-4CE1-8621-626C3723D65F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "25933657-2494-419B-9BA0-E4489B357A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3F38D0-3B95-450F-A212-208473D624D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B8756020-C00B-4035-97AB-B4AA6445342F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE473613-EF12-4E31-87D7-C96E9CADE4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3534CB1D-99B1-4D22-985E-AC4823A74CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E03DDF1E-ACB7-4537-9E3F-6562D684D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C7283326-D640-4F93-9C48-F8847A49435F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1594CC-8F3F-4F54-AF21-D6D1E01B71FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F104816B-1F99-4F01-BDC9-6FB5C0B0C580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA1C36-6B73-4DA2-B10F-476BB4D75568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70E3A734-DE86-46C5-B713-AECEA6FDAF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55F82679-EA1D-4D15-8A63-8EBC7EA5E62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "07413EC7-5A1E-464F-B07D-A03552C5758B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "323F4339-8BDE-4CEF-9151-2089F901897E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25E35791-8E1D-4EAF-90EE-49CD9E4369E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06BCB990-3485-4B25-8B36-E3B4060D5857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A555D471-D194-4CD9-871E-3F15C33593B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4988DB2B-8920-42A0-BBB2-F1C710BAA197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D5472494-CC1F-473C-8BF9-622CF068B6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4C06B8B2-D377-4AEE-8660-DA757F23A0BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92AAC072-3EFF-4709-A046-3F4CD82D8CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1844D405-90D6-4E70-9016-F58EAC784B9D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en una funci\u00f3n no especificada en nsr_render_log en EMC NetWorker anterior a 8.0.4.3, 8.1.x anterior a 8.1.2.6, y 8.2.x anterior a 8.2.1.2 permite a usuarios locales ganar privilegios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2015-0530",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-17T01:59:24.543",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Apr/103"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1032147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Apr/103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032147"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-4620
Vulnerability from fkie_nvd - Published: 2014-10-25 10:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:meditech:meditech:3.0:87:*:*:*:*:*:*",
"matchCriteriaId": "E0C60C50-0F94-42C1-8A5E-4619A246DFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:meditech:meditech:3.0:90:*:*:*:*:*:*",
"matchCriteriaId": "AE45304B-075F-4F4E-9405-B641A27BC8CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:networker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DAF0D5-7EFF-4F23-BAC4-04F8749E400A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."
},
{
"lang": "es",
"value": "El m\u00f3dulo EMC NetWorker para MEDITECH (tambi\u00e9n conocido como NMMEDI) 3.0 build 87 hasta 90, cuando se utiliza EMC RecoverPoint y Plink, almacena las credenciales RecoverPoint Appliance en texto plano en ficheros del registro nsrmedisv.raw, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de estos ficheros."
}
],
"id": "CVE-2014-4620",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-25T10:55:06.023",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
},
{
"source": "security_alert@emc.com",
"url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
},
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/61952"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/70726"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1031116"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-3285
Vulnerability from fkie_nvd - Published: 2013-11-02 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | networker | 8.0 | |
| emc | networker | 8.0.0.1 | |
| emc | networker | 8.0.0.2 | |
| emc | networker | 8.0.0.3 | |
| emc | networker | 8.0.0.4 | |
| emc | networker | 8.0.0.5 | |
| emc | networker | 8.0.0.6 | |
| emc | networker | 8.0.1.3 | |
| emc | networker | 8.0.1.4 | |
| emc | networker | 8.0.1.5 | |
| emc | networker | 8.0.1.6 | |
| emc | networker | 8.0.2.0 | |
| emc | networker | 8.0.2.1 | |
| emc | networker | 8.0.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:networker:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83625C74-9A2C-406D-A72F-98057C626180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C918819-AE64-4C02-BDFD-44A7950260E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D67F8C96-D9A8-4EBC-909D-8D5076F72C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5D89D53E-767D-43D6-822A-418297C7349C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B59F4C75-D6C7-4D9F-A3B5-311DA1D59F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E3601F4F-FAA4-4B88-8B39-3E8DCCDC621F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "408E3FBD-64BF-4E37-9FA2-C9FC69A2D5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A95340F-8259-4471-A288-3046D67EDE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "87F69CAF-0E54-45EF-9063-6FDCFA2A0BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A990F8EA-B69D-458B-8433-41BA5118D57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3875F1DF-21A9-4F50-8F01-D55AFD725094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C9084EB-5D75-477D-AF31-BDC174B1A23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A851B4E-C9CB-4580-BFD9-4A28EA9E3859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C1185F7-6BEB-4546-9452-10CCBD509A48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources."
},
{
"lang": "es",
"value": "La NetWorker Management Console (NMC) de EMC NetWorker 8.0.x anterior a 8.0.2.3, cuando se utiliza Active Directory/LDAP para la autenticaci\u00f3n, permite a los usuarios remotos autenticados descubrir las contrase\u00f1as de administrador en texto plano a trav\u00e9s de (1) los informes de auditor\u00eda NMC sin especificar o (2) las solicitudes de recursos RAP."
}
],
"id": "CVE-2013-3285",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-02T19:55:04.460",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0150.html"
},
{
"source": "security_alert@emc.com",
"url": "http://osvdb.org/99067"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/63402"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1029265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0150.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/99067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029265"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0943
Vulnerability from fkie_nvd - Published: 2013-07-31 13:20 - Updated: 2025-04-11 00:51
Severity ?
Summary
EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | networker | 7.6 | |
| emc | networker | 7.6 | |
| emc | networker | 7.6 | |
| emc | networker | 7.6.0.2 | |
| emc | networker | 7.6.0.3 | |
| emc | networker | 7.6.0.4 | |
| emc | networker | 7.6.0.5 | |
| emc | networker | 7.6.0.6 | |
| emc | networker | 7.6.0.7 | |
| emc | networker | 7.6.0.8 | |
| emc | networker | 7.6.0.9 | |
| emc | networker | 7.6.1 | |
| emc | networker | 7.6.1.1 | |
| emc | networker | 7.6.1.2 | |
| emc | networker | 7.6.1.3 | |
| emc | networker | 7.6.1.4 | |
| emc | networker | 7.6.1.5 | |
| emc | networker | 7.6.3 | |
| emc | networker | 7.6.4 | |
| emc | networker | 7.6.4.1 | |
| emc | networker | 7.6.4.2 | |
| emc | networker | 7.6.4.3 | |
| emc | networker | 7.6.4.4 | |
| emc | networker | 7.6.4.5 | |
| emc | networker | 7.6.5 | |
| emc | networker | 7.6.5.2 | |
| emc | networker | 7.6.5.3 | |
| emc | networker | 7.6.5.4 | |
| emc | networker | 7.6.5.5 | |
| emc | networker | 7.6.5.6 | |
| emc | networker | 8.0 | |
| emc | networker | 8.0.0.1 | |
| emc | networker | 8.0.0.2 | |
| emc | networker | 8.0.0.3 | |
| emc | networker | 8.0.0.4 | |
| emc | networker | 8.0.0.5 | |
| emc | networker | 8.0.0.6 | |
| emc | networker | 8.0.1.3 | |
| emc | networker | 8.0.1.4 | |
| emc | networker | 8.0.1.5 | |
| emc | networker | 8.0.1.6 | |
| emc | networker | 8.0.2.0 | |
| emc | networker | 8.0.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:networker:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "72846905-B210-4FC5-9B33-44901DEEFE37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "89324C33-21D3-463A-9C52-C495F3DC3CD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C13D9451-34DA-42FA-BC1E-2AEBB903B480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D87038FD-8115-4024-AB82-EFB0EF5B1C98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "985DDA57-DA2C-4EC7-BD42-F0B5E190DBF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D2CFD5DF-BCD0-46C6-B18E-60465A6318BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D68C4BE8-A053-46F3-B9F3-DDE3451F30B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2335F8A5-30E3-4452-8FFA-1ED185917313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A22B0B-E8C4-47AB-B276-E8E38BDDE818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA7C02D-DA10-4B9D-83C9-98BBE81E6166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "121F391B-295D-4684-A7F4-C91C57033532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8771B6-D668-47B7-B114-E6E111A2A322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8BE130-4CA6-4690-AB01-59A50EB8B997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE180DF-44A3-49FA-865E-774D51E2F574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFDC5AA-A5F9-4F98-88CA-E83323C26255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "731868F9-F611-442B-85B6-8E5C7A963DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E27C64B9-83B9-44D9-A3FA-3B93867B086C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBD90BD-A1F7-45D6-9BD3-19AF88FD6087",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF6BADD-1761-4F58-8FE6-34824D36A42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB455DF-F7F5-4534-A854-BB61604DDD5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE098A5-18F8-43F1-967D-5FB1A4213BAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4DA434-8078-4E3D-84C9-6338B6860CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A517A5-86EC-4ACD-9120-9855FD4A66F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "945BBBE4-ACC1-4FD9-9147-2C3AD6AEBAD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FF979EA7-ADAF-4F5E-834A-16571BF7FF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE474B05-A028-4166-915F-96738CA18F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB839A7-524B-4E16-93E2-20223E409D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7979286C-889B-4403-A624-6BA997B1F9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "04A5F456-4351-403B-BB2B-13F82C8A61B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:7.6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEE7E63-28F7-47F4-9111-5837BF5BE142",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:networker:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83625C74-9A2C-406D-A72F-98057C626180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C918819-AE64-4C02-BDFD-44A7950260E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D67F8C96-D9A8-4EBC-909D-8D5076F72C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5D89D53E-767D-43D6-822A-418297C7349C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B59F4C75-D6C7-4D9F-A3B5-311DA1D59F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E3601F4F-FAA4-4B88-8B39-3E8DCCDC621F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "408E3FBD-64BF-4E37-9FA2-C9FC69A2D5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A95340F-8259-4471-A288-3046D67EDE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "87F69CAF-0E54-45EF-9063-6FDCFA2A0BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A990F8EA-B69D-458B-8433-41BA5118D57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3875F1DF-21A9-4F50-8F01-D55AFD725094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C9084EB-5D75-477D-AF31-BDC174B1A23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:networker:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A851B4E-C9CB-4580-BFD9-4A28EA9E3859",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin."
},
{
"lang": "es",
"value": "EMC NetWorker 7.6.x y 8.x anterior a 8.1, permite a usuarios locales obtener informaci\u00f3n sensible de la configuraci\u00f3n aprovechando los privilegios del sistema operativo para realizar un descifrado con nsradmin."
}
],
"id": "CVE-2013-0943",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-31T13:20:24.137",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0193.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0193.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-15549 (GCVE-0-2017-15549)
Vulnerability from cvelistv5 – Published: 2018-01-05 17:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
Severity ?
No CVSS data available.
CWE
- Arbitrary file upload vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0 |
Affected:
EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
],
"datePublic": "2018-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-06T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-15549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"version": {
"version_data": [
{
"version_value": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102363"
},
{
"name": "http://seclists.org/fulldisclosure/2018/Jan/17",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-15549",
"datePublished": "2018-01-05T17:00:00",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-08-05T19:57:27.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15550 (GCVE-0-2017-15550)
Vulnerability from cvelistv5 – Published: 2018-01-05 17:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.
Severity ?
No CVSS data available.
CWE
- Path traversal vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0 |
Affected:
EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:26.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"name": "102358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102358"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
],
"datePublic": "2018-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-06T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"name": "102358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102358"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-15550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"version": {
"version_data": [
{
"version_value": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "http://seclists.org/fulldisclosure/2018/Jan/17",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"name": "102358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102358"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-15550",
"datePublished": "2018-01-05T17:00:00",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-08-05T19:57:26.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15548 (GCVE-0-2017-15548)
Vulnerability from cvelistv5 – Published: 2018-01-05 17:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
Severity ?
No CVSS data available.
CWE
- Authentication bypass vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0 |
Affected:
EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:26.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102352"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
],
"datePublic": "2018-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-06T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102352"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-15548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"version": {
"version_data": [
{
"version_value": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102352"
},
{
"name": "http://seclists.org/fulldisclosure/2018/Jan/17",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-15548",
"datePublished": "2018-01-05T17:00:00",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-08-05T19:57:26.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8022 (GCVE-0-2017-8022)
Vulnerability from cvelistv5 – Published: 2017-10-18 15:00 – Updated: 2024-08-05 16:19
VLAI?
Summary
An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4 |
Affected:
EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039583",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039583"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4"
}
]
}
],
"datePublic": "2017-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system\u0027s platform."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-19T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1039583",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039583"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4",
"version": {
"version_data": [
{
"version_value": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system\u0027s platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039583",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039583"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Oct/35",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Oct/35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8022",
"datePublished": "2017-10-18T15:00:00",
"dateReserved": "2017-04-21T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0916 (GCVE-0-2016-0916)
Vulnerability from cvelistv5 – Published: 2016-06-10 01:00 – Updated: 2024-08-05 22:38
VLAI?
Summary
EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:41.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160608 ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Jun/43"
},
{
"name": "1036075",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20160608 ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Jun/43"
},
{
"name": "1036075",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036075"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160608 ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Jun/43"
},
{
"name": "1036075",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036075"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0916",
"datePublished": "2016-06-10T01:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:41.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6849 (GCVE-0-2015-6849)
Vulnerability from cvelistv5 – Published: 2015-12-05 02:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:34.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034287",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034287"
},
{
"name": "20151203 ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Dec/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T20:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1034287",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034287"
},
{
"name": "20151203 ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Dec/18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-6849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034287",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034287"
},
{
"name": "20151203 ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Dec/18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-6849",
"datePublished": "2015-12-05T02:00:00",
"dateReserved": "2015-09-10T00:00:00",
"dateUpdated": "2024-08-06T07:36:34.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0530 (GCVE-0-2015-0530)
Vulnerability from cvelistv5 – Published: 2015-04-17 01:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150415 ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Apr/103"
},
{
"name": "1032147",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150415 ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Apr/103"
},
{
"name": "1032147",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150415 ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Apr/103"
},
{
"name": "1032147",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0530",
"datePublished": "2015-04-17T01:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4620 (GCVE-0-2014-4620)
Vulnerability from cvelistv5 – Published: 2014-10-25 10:00 – Updated: 2024-08-06 11:20
VLAI?
Summary
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
},
{
"name": "1031116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031116"
},
{
"name": "70726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70726"
},
{
"name": "emc-networker-cve20144620-info-disc(97756)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
},
{
"name": "61952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61952"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
},
{
"name": "1031116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031116"
},
{
"name": "70726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70726"
},
{
"name": "emc-networker-cve20144620-info-disc(97756)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
},
{
"name": "61952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61952"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
},
{
"name": "1031116",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031116"
},
{
"name": "70726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70726"
},
{
"name": "emc-networker-cve20144620-info-disc(97756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
},
{
"name": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
},
{
"name": "61952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61952"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-4620",
"datePublished": "2014-10-25T10:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:26.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3285 (GCVE-0-2013-3285)
Vulnerability from cvelistv5 – Published: 2013-11-02 19:00 – Updated: 2024-09-17 01:41
VLAI?
Summary
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:36.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131029 ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0150.html"
},
{
"name": "63402",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63402"
},
{
"name": "1029265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029265"
},
{
"name": "99067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-02T19:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20131029 ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0150.html"
},
{
"name": "63402",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63402"
},
{
"name": "1029265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029265"
},
{
"name": "99067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-3285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131029 ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0150.html"
},
{
"name": "63402",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63402"
},
{
"name": "1029265",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029265"
},
{
"name": "99067",
"refsource": "OSVDB",
"url": "http://osvdb.org/99067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-3285",
"datePublished": "2013-11-02T19:00:00Z",
"dateReserved": "2013-04-26T00:00:00Z",
"dateUpdated": "2024-09-17T01:41:22.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0943 (GCVE-0-2013-0943)
Vulnerability from cvelistv5 – Published: 2013-07-31 10:00 – Updated: 2024-09-16 22:51
VLAI?
Summary
EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:48.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130729 ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0193.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-31T10:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130729 ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0193.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-0943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130729 ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0193.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-0943",
"datePublished": "2013-07-31T10:00:00Z",
"dateReserved": "2013-01-09T00:00:00Z",
"dateUpdated": "2024-09-16T22:51:02.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15549 (GCVE-0-2017-15549)
Vulnerability from nvd – Published: 2018-01-05 17:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
Severity ?
No CVSS data available.
CWE
- Arbitrary file upload vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0 |
Affected:
EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
],
"datePublic": "2018-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-06T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-15549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"version": {
"version_data": [
{
"version_value": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102363"
},
{
"name": "http://seclists.org/fulldisclosure/2018/Jan/17",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-15549",
"datePublished": "2018-01-05T17:00:00",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-08-05T19:57:27.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15550 (GCVE-0-2017-15550)
Vulnerability from nvd – Published: 2018-01-05 17:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.
Severity ?
No CVSS data available.
CWE
- Path traversal vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0 |
Affected:
EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:26.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"name": "102358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102358"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
],
"datePublic": "2018-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-06T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"name": "102358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102358"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-15550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"version": {
"version_data": [
{
"version_value": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "http://seclists.org/fulldisclosure/2018/Jan/17",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
},
{
"name": "102358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102358"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-15550",
"datePublished": "2018-01-05T17:00:00",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-08-05T19:57:26.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15548 (GCVE-0-2017-15548)
Vulnerability from nvd – Published: 2018-01-05 17:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
Severity ?
No CVSS data available.
CWE
- Authentication bypass vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0 |
Affected:
EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:26.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102352"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
],
"datePublic": "2018-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-06T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1040070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102352"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-15548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
"version": {
"version_data": [
{
"version_value": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040070"
},
{
"name": "102352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102352"
},
{
"name": "http://seclists.org/fulldisclosure/2018/Jan/17",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Jan/17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-15548",
"datePublished": "2018-01-05T17:00:00",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-08-05T19:57:26.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8022 (GCVE-0-2017-8022)
Vulnerability from nvd – Published: 2017-10-18 15:00 – Updated: 2024-08-05 16:19
VLAI?
Summary
An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4 |
Affected:
EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039583",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039583"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4"
}
]
}
],
"datePublic": "2017-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system\u0027s platform."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-19T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1039583",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039583"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4",
"version": {
"version_data": [
{
"version_value": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system\u0027s platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039583",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039583"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Oct/35",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Oct/35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8022",
"datePublished": "2017-10-18T15:00:00",
"dateReserved": "2017-04-21T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0916 (GCVE-0-2016-0916)
Vulnerability from nvd – Published: 2016-06-10 01:00 – Updated: 2024-08-05 22:38
VLAI?
Summary
EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:41.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160608 ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Jun/43"
},
{
"name": "1036075",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20160608 ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Jun/43"
},
{
"name": "1036075",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036075"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160608 ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Jun/43"
},
{
"name": "1036075",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036075"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0916",
"datePublished": "2016-06-10T01:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:41.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6849 (GCVE-0-2015-6849)
Vulnerability from nvd – Published: 2015-12-05 02:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:34.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034287",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034287"
},
{
"name": "20151203 ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Dec/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T20:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1034287",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034287"
},
{
"name": "20151203 ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Dec/18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-6849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034287",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034287"
},
{
"name": "20151203 ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Dec/18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-6849",
"datePublished": "2015-12-05T02:00:00",
"dateReserved": "2015-09-10T00:00:00",
"dateUpdated": "2024-08-06T07:36:34.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0530 (GCVE-0-2015-0530)
Vulnerability from nvd – Published: 2015-04-17 01:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150415 ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Apr/103"
},
{
"name": "1032147",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150415 ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Apr/103"
},
{
"name": "1032147",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150415 ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Apr/103"
},
{
"name": "1032147",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0530",
"datePublished": "2015-04-17T01:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4620 (GCVE-0-2014-4620)
Vulnerability from nvd – Published: 2014-10-25 10:00 – Updated: 2024-08-06 11:20
VLAI?
Summary
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
},
{
"name": "1031116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031116"
},
{
"name": "70726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70726"
},
{
"name": "emc-networker-cve20144620-info-disc(97756)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
},
{
"name": "61952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61952"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
},
{
"name": "1031116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031116"
},
{
"name": "70726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70726"
},
{
"name": "emc-networker-cve20144620-info-disc(97756)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
},
{
"name": "61952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61952"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141022 ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0145.html"
},
{
"name": "1031116",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031116"
},
{
"name": "70726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70726"
},
{
"name": "emc-networker-cve20144620-info-disc(97756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97756"
},
{
"name": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128841/EMC-NetWorker-Module-For-MEDITECH-NMMEDI-Information-Disclosure.html"
},
{
"name": "61952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61952"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-4620",
"datePublished": "2014-10-25T10:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:26.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3285 (GCVE-0-2013-3285)
Vulnerability from nvd – Published: 2013-11-02 19:00 – Updated: 2024-09-17 01:41
VLAI?
Summary
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:36.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131029 ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0150.html"
},
{
"name": "63402",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63402"
},
{
"name": "1029265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029265"
},
{
"name": "99067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-02T19:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20131029 ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0150.html"
},
{
"name": "63402",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63402"
},
{
"name": "1029265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029265"
},
{
"name": "99067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-3285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131029 ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0150.html"
},
{
"name": "63402",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63402"
},
{
"name": "1029265",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029265"
},
{
"name": "99067",
"refsource": "OSVDB",
"url": "http://osvdb.org/99067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-3285",
"datePublished": "2013-11-02T19:00:00Z",
"dateReserved": "2013-04-26T00:00:00Z",
"dateUpdated": "2024-09-17T01:41:22.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0943 (GCVE-0-2013-0943)
Vulnerability from nvd – Published: 2013-07-31 10:00 – Updated: 2024-09-16 22:51
VLAI?
Summary
EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:48.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130729 ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0193.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-31T10:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130729 ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0193.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-0943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130729 ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0193.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-0943",
"datePublished": "2013-07-31T10:00:00Z",
"dateReserved": "2013-01-09T00:00:00Z",
"dateUpdated": "2024-09-16T22:51:02.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}