CVE-2013-4677

Name of the Vulnerable Software and Affected Versions Symantec Backup Exec versions 2010 R3 before 2010 R3 SP3 Symantec Backup Exec versions 2012 before SP2

Description The issue allows local users to obtain sensitive information or modify the outcome of a restore by accessing backup data files directly, due to weak permissions set for these files, specifically Everyone: Read and Everyone: Change.

Recommendations For Symantec Backup Exec version 2010 R3 before 2010 R3 SP3, update to 2010 R3 SP3 or later to resolve the issue. For Symantec Backup Exec version 2012 before SP2, update to SP2 or later to resolve the issue.