CVE-2017-4989

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
21/06/2017
Last modified:
20/04/2025

Description

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:emc:avamar_server:7.2.0-401:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.2.1-31:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.2.1-32:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.3.0-226:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.3.0-233:*:*:*:*:*:*:*
cpe:2.3:a:emc:avamar_server:7.3.1-125:*:*:*:*:*:*:*