Michael Cramer

Name of the Vulnerable Software and Affected Versions: EMC Avamar Server versions 7.1.x through 7.5.0 EMC NetWorker Virtual Edition (NVE) versions 9.0.x through 9.2.x EMC Integrated Data Protection Appliance version 2.0 Description: A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. Recommendations: For EMC Avamar Server versions 7.1.x through 7.5.0, restrict access to file upload functionality to minimize the risk of exploitation. For EMC NetWorker Virtual Edition (NVE) versions 9.0.x through 9.2.x, consider disabling file upload features until a fix is available. For EMC Integrated Data Protection Appliance version 2.0, limit user privileges to prevent unauthorized file uploads.

**Name of the Vulnerable Software and Affected Versions** EMC Avamar Server versions 7.1.x through 7.5.0 EMC NetWorker Virtual Edition (NVE) versions 9.0.x through 9.2.x EMC Integrated Data Protection Appliance version 2.0 **Description** The issue is related to weaknesses in the authentication procedure of the affected systems. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the systems. The vulnerability can be exploited by a remote attacker to bypass authentication and obtain root access. **Recommendations** For EMC Avamar Server versions 7.1.x through 7.5.0, update to a version that addresses the authentication bypass issue. For EMC NetWorker Virtual Edition (NVE) versions 9.0.x through 9.2.x, update to a version that addresses the authentication bypass issue. For EMC Integrated Data Protection Appliance version 2.0, update to a version that addresses the authentication bypass issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.