Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   EMC Avamar Vendors:   EMC
EMC Avamar Discloses Authentication Information to Remote Users
SecurityTracker Alert ID:  1031118
SecurityTracker URL:
CVE Reference:   CVE-2014-4624   (Links to External Site)
Date:  Oct 24 2014
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.x, 7.0.x through 7.0.2-43
Description:   A vulnerability was reported in EMC Avamar. A remote user can obtain passwords.

A remote user can issue a Java API call to the target EMC Avamar server to obtain account credentials, including MCUser and GSAN account passwords for all grid systems that are being monitored by the EMC Avamar Enterprise Manager.

Jakub Mleczko from the Orange Poland security team reported this vulnerability.

Impact:   A remote user can obtain passwords.
Solution:   The vendor has issued a fix (6.1.1 Hotfix 194399, 6.1.2 Hotfix 196802, 7.0.0 Hotfix 196804, 7.0.1 Hotfix 196535, 7.0.2-47, 7.1; Advisory ESA-2014-096).
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (FreeBSD), UNIX (HP/UX), UNIX (Open UNIX-SCO), UNIX (macOS/OS X), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC