CVE Vulnerabilities

CVE-2014-4624

Published: Oct 25, 2014 | Modified: Oct 09, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

Affected Software

Name Vendor Start Version End Version
6.0 Avamar_virtual_edition * *
6.0.402 Avamar_virtual_edition * *
7.0 Avamar_virtual_edition * *
7.0.2-43 Avamar_virtual_edition * *

References