CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-4990

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0240%
EPSS Percentile26.15th
Published2017年6月21日
Last Modified2026年5月13日

Vulnerability Description

In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.

Affected Platforms (CPE)

📦
Emc

Avamar Server

= 7.3.0-226
📦
Emc

Avamar Server

= 7.3.0-233
📦
Emc

Avamar Server

= 7.3.1-125
📦
Emc

Avamar Server

= 7.4.0-242
📦
Emc

Avamar Server

= 7.4.1-58

References & Advisories

🔗 http://www.securityfocus.com/archive/1/540754/30/0/threaded
🔗 http://www.securityfocus.com/bid/99243
🔗 http://www.securitytracker.com/id/1038718
🔗 http://www.securityfocus.com/archive/1/540754/30/0/threaded
🔗 http://www.securityfocus.com/bid/99243
🔗 http://www.securitytracker.com/id/1038718

相关漏洞威胁

CVE-2020-2949510.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote una...

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-2020-53419.8

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell ...

CVE-2017-49899.8

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker m...