KLA10351
Multiple vulnerabilities in Symantec Backup Exec
Обновлено: 17/06/2019
Дата обнаружения
05/08/2013
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Symantec Backup Exec. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, read-write backup files, inject scripts and execute arbitrary code Below is a complete list of vulnerabilities

  1. Vectors related to NDMP protocol can be exploited remotely;
  2. Weak file permissions can be exploited locally via file modification;
  3. XSS vulnerabilities can be exploited remotely via vectors related to web interface;
  4. A buffer overflow can be exploited remotely via unspecified vectors.
Пораженные продукты

Symantec Backup Exec 2010 R3 service packs 2 and earlier
Symantec Backup Exec 2012 service packs 1 and earlier

Решение

Update to latest version

Первичный источник обнаружения
Symantec advisory
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

CI 
[?]

WLF 
[?]

RLF 
[?]
Связанные продукты
VERITAS Backup Exec
CVE-IDS
CVE-2013-46782.7Warning
CVE-2013-46764.3Warning
CVE-2013-46774.3Warning
CVE-2013-45757.9Critical