CVE-2013-4676

Name of the Vulnerable Software and Affected Versions Symantec Backup Exec versions 2010 R3 before 2010 R3 SP3 Symantec Backup Exec versions 2012 before SP2

Description The issue allows remote attackers to inject arbitrary web script or HTML via various vectors in the management console and beutility console, including custom-reports generation page, Storage Devices creation page, jobs creation page, and a Backup Exec server-management page.

Recommendations For Symantec Backup Exec versions 2010 R3 before 2010 R3 SP3, update to 2010 R3 SP3 to resolve the issue. For Symantec Backup Exec versions 2012 before SP2, update to SP2 to resolve the issue. As a temporary workaround, consider restricting access to the custom-reports generation page, Storage Devices creation page, jobs creation page, and the Backup Exec server-management page in the beutility console until a patch is applied.