Description
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040070
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102363
Issue Tracking, Mailing List, Third Party Advisory x_refsource_confirm
http://seclists.org/fulldisclosure/2018/Jan/17
Scores
CVSS v3
8.8
EPSS
0.0129
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (18)
emc/avamar_server
7.1-21 sp2
emc/avamar_server
7.1-145 sp1
emc/avamar_server
7.1-302
emc/avamar_server
7.1-370
emc/avamar_server
7.2-32 sp1
emc/avamar_server
7.2-309
emc/avamar_server
7.2-401
emc/avamar_server
7.3-125 sp1
emc/avamar_server
7.3-211
emc/avamar_server
7.3-226
... and 8 more
Published
Jan 05, 2018
Tracked Since
Feb 18, 2026