Avamar

avamar

Vendor: Emc • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-0906 1Emc 1Avamar May 6, 2026 Jul 6, 2016 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup...Show more The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.Show less
CVE-2014-4623 1Emc 1Avamar May 6, 2026 Oct 25, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier f...Show more EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.Show less
CVE-2013-0945 1Emc 1Avamar Apr 29, 2026 May 3, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack...Show more EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less
CVE-2013-0944 1Emc 1Avamar Apr 29, 2026 May 3, 2013 N/A· v4 N/A· v3 3.5 LOW· v2 The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.
CVE-2012-2291 1Emc 2Avamar Avamar Plugin Apr 29, 2026 Jan 21, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an...Show more EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.Show less
CVE-2012-4610 1Emc 1Avamar Apr 29, 2026 Oct 31, 2012 N/A· v4 N/A· v3 3.3 LOW· v2 EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client.
CVE-2011-1740 1Emc 1Avamar Apr 29, 2026 Sep 19, 2011 N/A· v4 N/A· v3 7.7 HIGH· v2 EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain.
CVE-2011-0648 1Emc 1Avamar Apr 29, 2026 Mar 16, 2011 N/A· v4 N/A· v3 8.5 HIGH· v2 Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors.
CVE-2011-0442 1Emc 1Avamar Apr 29, 2026 Mar 16, 2011 N/A· v4 N/A· v3 3.5 LOW· v2 The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing...Show more The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.Show less
CVE-2010-1919 1Emc 1Avamar Apr 29, 2026 May 28, 2010 N/A· v4 N/A· v3 7.1 HIGH· v2 Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.