Networker

networker

Vendor: Emc • 20 CVEs

CVEs (20)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-15550 1Emc 3Avamar Server Integrated Data Protection ApplianceNetworker Nov 21, 2024 Jan 5, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious...Show more An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.Show less
CVE-2017-15549 1Emc 3Avamar Server Integrated Data Protection ApplianceNetworker Nov 21, 2024 Jan 5, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious...Show more An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.Show less
CVE-2017-15548 1Emc 3Avamar Server Integrated Data Protection ApplianceNetworker Nov 21, 2024 Jan 5, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated maliciou...Show more An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.Show less
CVE-2017-8022 1Emc 1Networker May 13, 2026 Oct 18, 2017 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenti...Show more An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform.Show less
CVE-2016-0916 1Emc 1Networker May 6, 2026 Jun 10, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.
CVE-2015-6849 1Emc 1Networker May 6, 2026 Dec 5, 2015 N/A· v4 N/A· v3 7.8 HIGH· v2 EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages.
CVE-2015-0530 1Emc 1Networker May 6, 2026 Apr 17, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors.
CVE-2014-4620 2Emc Meditech 2Meditech Networker May 6, 2026 Oct 25, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local use...Show more The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.Show less
CVE-2013-3285 1Emc 1Networker Apr 29, 2026 Nov 2, 2013 N/A· v4 N/A· v3 3.5 LOW· v2 The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) u...Show more The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.Show less
CVE-2013-0943 1Emc 1Networker Apr 29, 2026 Jul 31, 2013 N/A· v4 N/A· v3 4.6 MEDIUM· v2 EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.
CVE-2013-0940 1Emc 1Networker Apr 29, 2026 May 3, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
CVE-2012-4607 1Emc 1Networker Apr 29, 2026 Jan 17, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data.
CVE-2012-2288 1Emc 1Networker Apr 29, 2026 Sep 4, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
CVE-2012-0395 1Emc 1Networker Apr 29, 2026 Jan 27, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unsp...Show more Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.Show less
CVE-2011-1421 1Emc 1Networker Apr 29, 2026 Apr 22, 2011 N/A· v4 N/A· v3 6.9 MEDIUM· v2 EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors.
CVE-2011-0321 1Emc 1Networker Apr 29, 2026 Feb 1, 2011 N/A· v4 N/A· v3 6.4 MEDIUM· v2 librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers...Show more librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands.Show less
CVE-2006-3892 1Emc 1Networker Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.
CVE-2002-0114 1Emc 1Networker Apr 16, 2026 Mar 25, 2002 N/A· v4 N/A· v3 4.6 MEDIUM· v2 EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally rep...Show more EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.Show less
CVE-2002-0113 1Emc 1Networker Apr 16, 2026 Mar 25, 2002 N/A· v4 N/A· v3 4.6 MEDIUM· v2 EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOT...Show more EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.Show less
CVE-2001-0910 1Emc 1Networker Apr 16, 2026 Nov 21, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP add...Show more Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.Show less