Main Vulnerability Database Vulnerabilities #VU42679

Information disclosure in Backup Exec - CVE-2013-4678

Published: August 5, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42679

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-4678

CWE-ID: CWE-200

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Veritas Technologies

Affected software:
Backup Exec

Detailed vulnerability description

The vulnerability allows a remote #AU# to gain access to sensitive information.

The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors.

How to mitigate CVE-2013-4678

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/61488
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00

Information disclosure in Backup Exec - CVE-2013-4678

Detailed vulnerability description

How to mitigate CVE-2013-4678

Sources

Please verify you're human