Critical severity9.8NVD Advisory· Published Jun 21, 2017· Updated May 13, 2026

CVE-2017-4989

Description

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows.

Affected products

N/a/Emc Avamar Server Software 7.3.1 125, 7.3.0 233, 7.3.0 226, 7.2.1 32, 7.2.1 31, 7.2.0 401v5
Range: EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401
EMC Corporation/Avamar Server6 versions
cpe:2.3:a:emc:avamar_server:7.2.0-401:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:emc:avamar_server:7.2.0-401:*:*:*:*:*:*:*
- cpe:2.3:a:emc:avamar_server:7.2.1-31:*:*:*:*:*:*:*
- cpe:2.3:a:emc:avamar_server:7.2.1-32:*:*:*:*:*:*:*
- cpe:2.3:a:emc:avamar_server:7.3.0-226:*:*:*:*:*:*:*
- cpe:2.3:a:emc:avamar_server:7.3.0-233:*:*:*:*:*:*:*
- cpe:2.3:a:emc:avamar_server:7.3.1-125:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/archive/1/540754/30/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/99243nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038718nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000