CVE-2013-3275 - Vulnerability Details

Vendors	Products
Emc	Avamar Server Avamar Server Virtual Edition

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to \"cross frame scripting vulnerabilities.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-07-18T22:00:00Z", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2013-3275", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to \"cross frame scripting vulnerabilities.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:07:37.129Z"}, "title": "CVE Program Container", "references": [{"name": "20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2013-3275", "datePublished": "2013-07-18T22:00:00Z", "dateReserved": "2013-04-26T00:00:00Z", "dateUpdated": "2024-09-17T01:35:55.858Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities." (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2013-07-18T22:00:00Z (string)

orgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

shortName : dell (string)

}

references : [ »

0 : { »

name : 20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security_alert@emc.com (string)

ID : CVE-2013-3275 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities." (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities (string)

refsource : BUGTRAQ (string)

url : http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T16:07:37.129Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 20130717 ESA-2013-055: EMC Avamar Multiple Vulnerabilities (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

assignerShortName : dell (string)

cveId : CVE-2013-3275 (string)

datePublished : 2013-07-18T22:00:00Z (string)

dateReserved : 2013-04-26T00:00:00Z (string)

dateUpdated : 2024-09-17T01:35:55.858Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:avamar_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA294375-CF0F-446C-8991-22B63809A556", "versionEndIncluding": "6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:avamar_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4CEE5DA-62BD-4305-B8A1-8E0A3658ADC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:avamar_server:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F422350E-D1B5-4C29-9840-F1D4AE865D7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:avamar_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F9F9112-5CF6-4E9B-8DDF-6235E35DB4CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:avamar_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "641AE615-F18D-4E2D-AFC6-507B6094B4CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFF7BF25-233A-474B-8E57-2D0863AB7A10", "versionEndIncluding": "6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2E18A63-4315-48A8-A2D8-61349C0C99D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "09242E14-0423-428E-801B-CB454574C474", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED8D74A4-9147-4DD6-88C9-5EED728F10AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:avamar_server_virtual_edition:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8B9B711-8659-4624-8FBB-122DCD96BCE2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to \"cross frame scripting vulnerabilities.\""}, {"lang": "es", "value": "EMC Avamar Server y Avamar Virtual Edition anterior a v7.0 en plataformas Data Store Gen3, Gen4, y Gen4s no restringe correctamente el uso de elementos FRAME, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener informaci\u00f3n sensible mediante un sitio web especialmente dise\u00f1ado, relacionado con \"cross frame scripting vulnerabilities.\""}], "id": "CVE-2013-3275", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-07-19T14:36:13.060", "references": [{"source": "security_alert@emc.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:emc:avamar_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AA294375-CF0F-446C-8991-22B63809A556 (string)

versionEndIncluding : 6.1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:emc:avamar_server:4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E4CEE5DA-62BD-4305-B8A1-8E0A3658ADC9 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:emc:avamar_server:4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F422350E-D1B5-4C29-9840-F1D4AE865D7B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:emc:avamar_server:5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1F9F9112-5CF6-4E9B-8DDF-6235E35DB4CF (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:emc:avamar_server:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 641AE615-F18D-4E2D-AFC6-507B6094B4CF (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:emc:avamar_server_virtual_edition:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FFF7BF25-233A-474B-8E57-2D0863AB7A10 (string)

versionEndIncluding : 6.1 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:emc:avamar_server_virtual_edition:4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D2E18A63-4315-48A8-A2D8-61349C0C99D8 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:emc:avamar_server_virtual_edition:4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 09242E14-0423-428E-801B-CB454574C474 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:emc:avamar_server_virtual_edition:5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : ED8D74A4-9147-4DD6-88C9-5EED728F10AD (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:emc:avamar_server_virtual_edition:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E8B9B711-8659-4624-8FBB-122DCD96BCE2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities." (string)

}

1 : { »

lang : es (string)

value : EMC Avamar Server y Avamar Virtual Edition anterior a v7.0 en plataformas Data Store Gen3, Gen4, y Gen4s no restringe correctamente el uso de elementos FRAME, lo que hace más fácil para atacantes remotos obtener información sensible mediante un sitio web especialmente diseñado, relacionado con "cross frame scripting vulnerabilities." (string)

}

]

id : CVE-2013-3275 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2013-07-19T14:36:13.060 (string)

references : [ »

0 : { »

source : security_alert@emc.com (string)

url : http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://archives.neohapsis.com/archives/bugtraq/2013-07/0114.html (string)

}

]

sourceIdentifier : security_alert@emc.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object