Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-2291
cve-2012-2291
emc avamar
client
plugin
vulnerability
hp-ux
mac os x
symlink attack
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
Affected configurations
Node
emcavamarMatch4.0
ORemcavamarMatch4.1
ORemcavamarMatch5.0
ORemcavamarMatch5.0sp1
ORemcavamarMatch5.0sp2
ORemcavamarMatch5.0.0-407
ORemcavamarMatch5.0.4-26
ORemcavamarMatch6.0
applemac_os_x
ORhphp-ux
Node
emcavamar_pluginMatch4.0-
ORemcavamar_pluginMatch5.0-
ORemcavamar_pluginMatch6.0-
ORemcavamar_pluginMatch6.1-
Related
securityvulns
securityvulns
EMC Avamar weak permissions
2013-01-27 00:00:00
Re: EMC Avamar: World writable cache files
2013-01-27 00:00:00
cvelist
cvelist
CVE-2012-2291
2022-10-03 16:15:37
prion
prion
Design/Logic Flaw
2013-01-21 21:55:00
nvd
nvd
CVE-2012-2291
2013-01-21 21:55:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2012-2291