CVE-2014-4624 - Vulnerability Details - OpenCVE

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avamar Virtual Edition	6.0 6.0.402 7.0 7.0.2-43

Configuration 1 [-]

OR	cpe:2.3:a:avamar_virtual_edition:6.0::::::::
	cpe:2.3:a:avamar_virtual_edition:6.0.402::::::::
	cpe:2.3:a:avamar_virtual_edition:7.0::::::::
	cpe:2.3:a:avamar_virtual_edition:7.0.2-43::::::::

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2014-10/0147.html
http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html
http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html
http://secunia.com/advisories/61663
http://secunia.com/advisories/61950
http://www.securityfocus.com/archive/1/533813/100/0/threaded
http://www.securityfocus.com/bid/70709
http://www.securitytracker.com/id/1031114
http://www.securitytracker.com/id/1031118
http://www.vmware.com/security/advisories/VMSA-2014-0011.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/97729

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2014-10-25T10:00:00

Updated: 2024-08-06T11:20:26.684Z

Reserved: 2014-06-24T00:00:00

Link: CVE-2014-4624

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-10-25T10:55:06.117

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-4624

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-22T00:00:00", "descriptions": [{"lang": "en", "value": "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "1031118", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031118"}, {"name": "61663", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61663"}, {"name": "61950", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61950"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html"}, {"name": "1031114", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031114"}, {"name": "70709", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70709"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0011.html"}, {"name": "20141022 ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0147.html"}, {"name": "vsphere-data-cve20144624-info-disc(97729)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97729"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html"}, {"name": "20141024 NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/533813/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2014-4624", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1031118", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031118"}, {"name": "61663", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61663"}, {"name": "61950", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61950"}, {"name": "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html"}, {"name": "1031114", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031114"}, {"name": "70709", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70709"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2014-0011.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0011.html"}, {"name": "20141022 ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0147.html"}, {"name": "vsphere-data-cve20144624-info-disc(97729)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97729"}, {"name": "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html"}, {"name": "20141024 NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533813/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:20:26.684Z"}, "title": "CVE Program Container", "references": [{"name": "1031118", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031118"}, {"name": "61663", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61663"}, {"name": "61950", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61950"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html"}, {"name": "1031114", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031114"}, {"name": "70709", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70709"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0011.html"}, {"name": "20141022 ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0147.html"}, {"name": "vsphere-data-cve20144624-info-disc(97729)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97729"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html"}, {"name": "20141024 NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/533813/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2014-4624", "datePublished": "2014-10-25T10:00:00", "dateReserved": "2014-06-24T00:00:00", "dateUpdated": "2024-08-06T11:20:26.684Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avamar_virtual_edition:6.0:*:*:*:*:*:*:*:*", "matchCriteriaId": "946A34E5-5E26-4B80-B5CD-3DC40B0BEB38", "vulnerable": true}, {"criteria": "cpe:2.3:a:avamar_virtual_edition:6.0.402:*:*:*:*:*:*:*:*", "matchCriteriaId": "3759939D-8DBB-48C8-8937-B68982D9C1EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:avamar_virtual_edition:7.0:*:*:*:*:*:*:*:*", "matchCriteriaId": "D539278A-DFC8-4A8C-AB31-E28E4D97115A", "vulnerable": true}, {"criteria": "cpe:2.3:a:avamar_virtual_edition:7.0.2-43:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C0C1630-854F-4FDA-8BFE-317B046D39F7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call."}, {"lang": "es", "value": "EMC Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) 6.x y 7.0.x hasta 7.0.2-43 no requieren autenticaci\u00f3n para llamadas a la API Java, lo que permite a atacantes remotos descubrir las contrase\u00f1as de grid MCUser y GSAN a trav\u00e9s de una llamada manipulada."}], "id": "CVE-2014-4624", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-25T10:55:06.117", "references": [{"source": "security_alert@emc.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0147.html"}, {"source": "security_alert@emc.com", "url": "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html"}, {"source": "security_alert@emc.com", "url": "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html"}, {"source": "security_alert@emc.com", "url": "http://secunia.com/advisories/61663"}, {"source": "security_alert@emc.com", "url": "http://secunia.com/advisories/61950"}, {"source": "security_alert@emc.com", "url": "http://www.securityfocus.com/archive/1/533813/100/0/threaded"}, {"source": "security_alert@emc.com", "url": "http://www.securityfocus.com/bid/70709"}, {"source": "security_alert@emc.com", "url": "http://www.securitytracker.com/id/1031114"}, {"source": "security_alert@emc.com", "url": "http://www.securitytracker.com/id/1031118"}, {"source": "security_alert@emc.com", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0011.html"}, {"source": "security_alert@emc.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97729"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0147.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61950"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/533813/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97729"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}