Lucene search

DellCVE-2013-3275

HistoryJul 19, 2013 - 2:36 p.m.

CVE-2013-3275

2013-07-1914:36:13

CWE-20

dell

web.nvd.nist.gov

cve-2013-3275

emc avamar

data store

gen3

gen4

gen4s

cross frame scripting vulnerabilities

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

48.8%

JSON

EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to “cross frame scripting vulnerabilities.”

Affected configurations

Nvd

Node

emcavamar_serverRange≤6.1

emcavamar_serverMatch4.0

emcavamar_serverMatch4.1

emcavamar_serverMatch5.0

emcavamar_serverMatch6.0

emcavamar_server_virtual_editionRange≤6.1

emcavamar_server_virtual_editionMatch4.0

emcavamar_server_virtual_editionMatch4.1

emcavamar_server_virtual_editionMatch5.0

emcavamar_server_virtual_editionMatch6.0

VendorProductVersionCPE
emcavamar_server*cpe:2.3:a:emc:avamar_server:*:*:*:*:*:*:*:*
emcavamar_server4.0cpe:2.3:a:emc:avamar_server:4.0:*:*:*:*:*:*:*
emcavamar_server4.1cpe:2.3:a:emc:avamar_server:4.1:*:*:*:*:*:*:*
emcavamar_server5.0cpe:2.3:a:emc:avamar_server:5.0:*:*:*:*:*:*:*
emcavamar_server6.0cpe:2.3:a:emc:avamar_server:6.0:*:*:*:*:*:*:*
emcavamar_server_virtual_edition*cpe:2.3:a:emc:avamar_server_virtual_edition:*:*:*:*:*:*:*:*
emcavamar_server_virtual_edition4.0cpe:2.3:a:emc:avamar_server_virtual_edition:4.0:*:*:*:*:*:*:*
emcavamar_server_virtual_edition4.1cpe:2.3:a:emc:avamar_server_virtual_edition:4.1:*:*:*:*:*:*:*
emcavamar_server_virtual_edition5.0cpe:2.3:a:emc:avamar_server_virtual_edition:5.0:*:*:*:*:*:*:*
emcavamar_server_virtual_edition6.0cpe:2.3:a:emc:avamar_server_virtual_edition:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	avamar_server	*	cpe:2.3:a:emc:avamar_server::::::::
emc	avamar_server	4.0	cpe:2.3:a:emc:avamar_server:4.0:::::::*
emc	avamar_server	4.1	cpe:2.3:a:emc:avamar_server:4.1:::::::*
emc	avamar_server	5.0	cpe:2.3:a:emc:avamar_server:5.0:::::::*
emc	avamar_server	6.0	cpe:2.3:a:emc:avamar_server:6.0:::::::*
emc	avamar_server_virtual_edition	*	cpe:2.3:a:emc:avamar_server_virtual_edition::::::::
emc	avamar_server_virtual_edition	4.0	cpe:2.3:a:emc:avamar_server_virtual_edition:4.0:::::::*
emc	avamar_server_virtual_edition	4.1	cpe:2.3:a:emc:avamar_server_virtual_edition:4.1:::::::*
emc	avamar_server_virtual_edition	5.0	cpe:2.3:a:emc:avamar_server_virtual_edition:5.0:::::::*
emc	avamar_server_virtual_edition	6.0	cpe:2.3:a:emc:avamar_server_virtual_edition:6.0:::::::*

References

archives.neohapsis.com/archives/bugtraq/2013-07/0114.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

48.8%

JSON

Related for CVE-2013-3275