VYPR

Avamar Server Virtual Edition

by EMC Corporation

CVEs (17)

  • CVE-2016-0903CriSep 21, 2016
    risk 0.59cvss 9.1epss 0.03

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.

  • CVE-2016-0906HigJul 6, 2016
    risk 0.57cvss 8.8epss 0.02

    The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.

  • CVE-2016-0904HigSep 21, 2016
    risk 0.56cvss 8.6epss 0.01

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server…

  • CVE-2016-0909HigNov 15, 2016
    risk 0.55cvss 8.4epss 0.00

    EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users.

  • CVE-2016-0920HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.00

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.

  • CVE-2016-8214MedJan 25, 2017
    risk 0.44cvss 6.7epss 0.00

    EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.

  • CVE-2016-0905MedSep 21, 2016
    risk 0.44cvss 6.7epss 0.00

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.

  • CVE-2026-22762MedFeb 17, 2026
    risk 0.42cvss 6.5epss 0.00

    Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially…

  • CVE-2016-0921MedSep 21, 2016
    risk 0.42cvss 6.5epss 0.00

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.

  • CVE-2018-15765Oct 18, 2018
    risk 0.00cvss epss 0.00

    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious…

  • CVE-2018-11079Oct 18, 2018
    risk 0.00cvss epss 0.00

    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed…

  • CVE-2018-11080Oct 18, 2018
    risk 0.00cvss epss 0.00

    Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents…

  • CVE-2015-4527Jul 23, 2015
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.

  • CVE-2014-4632Feb 1, 2015
    risk 0.00cvss epss 0.01

    VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows…

  • CVE-2014-4624Oct 25, 2014
    risk 0.00cvss epss 0.03

    EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

  • CVE-2013-3275Jul 19, 2013
    risk 0.00cvss epss 0.01

    EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame…

  • CVE-2013-3274Jul 19, 2013
    risk 0.00cvss epss 0.03

    EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors.