CVE-2014-4624

Name of the Vulnerable Software and Affected Versions EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 6.x and 7.0.x through 7.0.2-43

Description The issue allows remote attackers to discover grid MCUser and GSAN passwords via a crafted Java API call, as no authentication is required for Java API calls.

Recommendations For versions 6.x and 7.0.x through 7.0.2-43, consider restricting access to the Java API until a fix is available, and avoid using the affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.