Unauthenticated Access to EMC Avamar Data Store and Avamar Virtual Edition

Unauthenticated Access to EMC Avamar Data Store and Avamar Virtual Edition

CVE-2014-4624 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

Learn more about our Api Penetration Testing.