Description
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
References (9)
Core 9
Core References
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/407641
Various Sources x_refsource_confirm
http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14582
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21892
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16470
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16464
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014713
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/18801
Scores
EPSS
0.1789
EPSS Percentile
95.2%
Details
Status
published
Products (10)
emc/legato_networker
4.2.2
emc/legato_networker
6.0
emc/legato_networker
6.1
emc/legato_networker
7.2
emc/legato_networker
7.13
sun/solstice_backup
6.0
sun/solstice_backup
6.1
sun/storedge_enterprise_backup_software
7.0
sun/storedge_enterprise_backup_software
7.1
sun/storedge_enterprise_backup_software
7.2
Published
Aug 23, 2005
Tracked Since
Feb 18, 2026