Arbitrary File Upload Vulnerability in EMC Avamar Server, EMC NetWorker Virtual Edition, and EMC Integrated Data Protection Appliance

Arbitrary File Upload Vulnerability in EMC Avamar Server, EMC NetWorker Virtual Edition, and EMC Integrated Data Protection Appliance

CVE-2017-15549 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.

Learn more about our Cis Benchmark Audit For Server Software.