KLA10351
Multiple vulnerabilities in Symantec Backup Exec
Updated: 06/01/2019
Detect date
?
08/05/2013
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Symantec Backup Exec. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, read-write backup files, inject scripts and execute arbitrary code Below is a complete list of vulnerabilities

  1. Vectors related to NDMP protocol can be exploited remotely;
  2. Weak file permissions can be exploited locally via file modification;
  3. XSS vulnerabilities can be exploited remotely via vectors related to web interface;
  4. A buffer overflow can be exploited remotely via unspecified vectors.
Affected products

Symantec Backup Exec 2010 R3 service packs 2 and earlier
Symantec Backup Exec 2012 service packs 1 and earlier

Solution

Update to latest version

Original advisories

Symantec advisory

Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

CI 
[?]

WLF 
[?]

RLF 
[?]
Related products
VERITAS Backup Exec
CVE-IDS
?
CVE-2013-46782.7Warning
CVE-2013-46764.3Warning
CVE-2013-46774.3Warning
CVE-2013-45757.9Critical