Unrated severityNVD Advisory· Published May 31, 2011· Updated Apr 29, 2026

CVE-2011-0546

Description

Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.

Affected products

Symantec/Backup Exec5 versions
cpe:2.3:a:symantec:backup_exec:11.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:symantec:backup_exec:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:backup_exec:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:backup_exec:12.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:backup_exec:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:backup_exec:13.0:r2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/44698nvdVendor Advisory
marc.infonvd
securityreason.com/securityalert/8300nvd
www.securityfocus.com/bid/47824nvd
www.symantec.com/security_response/securityupdates/detail.jspnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000