Skip to main content

Avamar

7 CVEs product

Monthly

CVE-2025-21120 HIGH This Month

Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Avamar
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2016-0906 HIGH This Week

The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Avamar
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2014-4623 MEDIUM This Month

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Avamar
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0945 CRITICAL Act Now

EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Avamar
NVD
CVSS 2.0
9.3
EPSS
0.2%
CVE-2013-0944 LOW Monitor

The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Avamar
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-2291 HIGH This Week

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Oracle Avamar Avamar Plugin
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-4610 LOW Monitor

EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Authentication Bypass Avamar
NVD
CVSS 2.0
3.3
EPSS
0.2%
EPSS 0% CVSS 8.3
HIGH This Month

Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Avamar
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Avamar
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Avamar
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Avamar
NVD
EPSS 0% CVSS 3.5
LOW Monitor

The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Avamar
NVD
EPSS 0% CVSS 7.2
HIGH This Week

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Oracle +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Authentication Bypass Avamar
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy