CVE-2017-15549

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
emcavamar_server
7.1-21:sp2
emcavamar_server
7.1-145:sp1
emcavamar_server
7.1-302
emcavamar_server
7.1-370
emcavamar_server
7.2-32:sp1
emcavamar_server
7.2-309
emcavamar_server
7.2-401
emcavamar_server
7.3-125:sp1
emcavamar_server
7.3-211
emcavamar_server
7.3-226
emcavamar_server
7.3-233
emcavamar_server
7.4-58:sp1
emcavamar_server
7.4-242
emcavamar_server
7.5-183
emcintegrated_data_protection_appliance
2.0
emcnetworker
9.0
emcnetworker
9.1
emcnetworker
9.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2018/Jan/17
http://www.securityfocus.com/bid/102363
http://www.securitytracker.com/id/1040070
http://seclists.org/fulldisclosure/2018/Jan/17
http://www.securityfocus.com/bid/102363
http://www.securitytracker.com/id/1040070