1. Home
  2. CVE Database
  3. CVE-2014-4624
MEDIUM · 5.0

CVE-2014-4624

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and ...

Vulnerability Description

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
Avamar Virtual Edition6.0All versions
Avamar Virtual Edition6.0.402All versions
Avamar Virtual Edition7.0All versions
Avamar Virtual Edition7.0.2-43All versions

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2014-4624?

CVE-2014-4624 is a vulnerability with a CVSS score of 5.0 (MEDIUM). EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and ...

How severe is CVE-2014-4624?

CVE-2014-4624 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-4624?

Check the references section above for vendor advisories and patch information. Affected products include: Avamar Virtual Edition 6.0, Avamar Virtual Edition 6.0.402, Avamar Virtual Edition 7.0, Avamar Virtual Edition 7.0.2-43.