Information disclosure in EMC Avamar - CVE-2016-0903
Published: September 21, 2016
Vulnerability identifier: #VU565
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0903
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC Avamar
EMC Avamar
Detailed vulnerability description
The vulnerability allows a remote user to get access to potentially sensitive information on the target system.
The weakness exists due to authentication flaw. Representing himself as a Avamar client agent attacker can obtain target client's backup data.
Successful exploiatation of the vulnerability results in gaining access to potentially sensitive data.
The weakness exists due to authentication flaw. Representing himself as a Avamar client agent attacker can obtain target client's backup data.
Successful exploiatation of the vulnerability results in gaining access to potentially sensitive data.
How to mitigate CVE-2016-0903
Update to 7.3.0-223.