CVE-2013-4678

Published: Aug 5, 2013Modified: Apr 29, 2026

2.7

Vector

AV:A/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 5.1 / Impact: 2.9

Source: NVD

Description

The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors.

Affected (5)

Products: Symantec: Backup Exec

Symantec

1 product

Backup Exec

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Symantec Backup Exec	Version 2010
Symantec Backup Exec	Version 2010_r3 sp1
Symantec Backup Exec	Version 2010_r3 sp2
Symantec Backup Exec	Version 2012
Symantec Backup Exec	Version 2012 sp1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/61488

Source: secure@symantec.com

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00

Source: secure@symantec.com

Vendor Advisory

http://www.securityfocus.com/bid/61488

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.