CVE-2016-0906

The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
emcavamar
𝑥
≤ 7.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/bugtraq/2016/Jul/33
http://www.securitytracker.com/id/1036235
http://seclists.org/bugtraq/2016/Jul/33
http://www.securitytracker.com/id/1036235