Check CVE Id
Check CWE Id
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
An issue was discovered in EMC NetWorker (prior to 188.8.131.52, all supported 9.0.x versions, prior to 184.108.40.206, prior to 220.127.116.11). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform.
EMC NetWorker 8.2.1.x and 8.2.2.x before 18.104.22.168 and 9.x before 22.214.171.124 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.
EMC NetWorker before 126.96.36.199, 8.1.x before 188.8.131.52, 8.2.x before 184.108.40.206, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages.
Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 220.127.116.11, 8.1.x before 18.104.22.168, and 8.2.x before 22.214.171.124 allows local users to gain privileges via unknown vectors.
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 126.96.36.199, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.
EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.
Back to Top