PT-2013-5127 · Symantec · Symantec Backup Exec

Published

2013-08-04

Updated

2013-08-22

CVE-2013-4677

CVSS v2.0

4.3

Medium

Vector

AV:L/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Symantec Backup Exec versions 2010 R3 before 2010 R3 SP3 Symantec Backup Exec versions 2012 before SP2

Description The issue allows local users to obtain sensitive information or modify the outcome of a restore by accessing backup data files directly, due to weak permissions set for these files, specifically Everyone: Read and Everyone: Change.

Recommendations For Symantec Backup Exec version 2010 R3 before 2010 R3 SP3, update to 2010 R3 SP3 or later to resolve the issue. For Symantec Backup Exec version 2012 before SP2, update to SP2 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-4677

Affected Products

Symantec Backup Exec

PT-2013-5127 · Symantec · Symantec Backup Exec

CVE-2013-4677

Weakness Enumeration

Related Identifiers

Affected Products

References · 4