Information disclosure in EMC Avamar - CVE-2016-0904
Published: September 21, 2016
Vulnerability identifier: #VU566
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0904
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC Avamar
EMC Avamar
Detailed vulnerability description
The vulnerability allows a remote user to get access to the target system.
The weakness exists due to improper access control. If attacker is aware of static encryption key and can control network communications he can easily eavesdrop on the connection.
Successful exploitation of the vulnerability results in malicious user's access to the vulnerable system.
The weakness exists due to improper access control. If attacker is aware of static encryption key and can control network communications he can easily eavesdrop on the connection.
Successful exploitation of the vulnerability results in malicious user's access to the vulnerable system.
How to mitigate CVE-2016-0904
Update to 7.3.0-233.