CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-6329

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0130%
EPSS Percentile23.68th
Published2018年3月14日
Last Modified2024年11月21日

Vulnerability Description

It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.

Affected Platforms (CPE)

📦
Unitrends

Backup

< 10.1.10

References & Advisories

🔗 https://support.unitrends.com/UnitrendsBackup/s/article/000001150
🔗 https://support.unitrends.com/UnitrendsBackup/s/article/000006003
🔗 https://www.exploit-db.com/exploits/44297/
🔗 https://www.exploit-db.com/exploits/45913/
🔗 https://support.unitrends.com/UnitrendsBackup/s/article/000001150
🔗 https://support.unitrends.com/UnitrendsBackup/s/article/000006003
🔗 https://www.exploit-db.com/exploits/44297/
🔗 https://www.exploit-db.com/exploits/45913/

関連する脆弱性情報

CVE-1999-060310.0

In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, P...

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-2021-2879910.0

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, th...

CVE-2001-037210.0

Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a ...