CVE-2013-4677 - OpenCVE

Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Backup Exec

Configuration 1 [-]

OR	cpe:2.3:a:symantec:backup_exec:2010:::::::*
	cpe:2.3:a:symantec:backup_exec:2010_r3:sp1::::::
	cpe:2.3:a:symantec:backup_exec:2010_r3:sp2::::::
	cpe:2.3:a:symantec:backup_exec:2012:::::::*
	cpe:2.3:a:symantec:backup_exec:2012:sp1::::::

No data.

References

Link	Providers
http://osvdb.org/95939
http://www.securityfocus.com/bid/61487
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00

History

No history.

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2013-08-04T20:00:00

Updated: 2024-08-06T16:52:26.943Z

Reserved: 2013-06-24T00:00:00

Link: CVE-2013-4677

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-08-05T13:22:52.693

Modified: 2013-08-22T06:54:30.987

Link: CVE-2013-4677

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-08-22T09:00:00", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00"}, {"name": "95939", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/95939"}, {"name": "61487", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/61487"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2013-4677", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00"}, {"name": "95939", "refsource": "OSVDB", "url": "http://osvdb.org/95939"}, {"name": "61487", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61487"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:52:26.943Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00"}, {"name": "95939", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/95939"}, {"name": "61487", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/61487"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2013-4677", "datePublished": "2013-08-04T20:00:00", "dateReserved": "2013-06-24T00:00:00", "dateUpdated": "2024-08-06T16:52:26.943Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:backup_exec:2010:*:*:*:*:*:*:*", "matchCriteriaId": "006EB76F-8F6B-4D19-81AB-B9133CBC1F47", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:backup_exec:2010_r3:sp1:*:*:*:*:*:*", "matchCriteriaId": "FD144D8C-99FA-44DC-949D-DF938AC3C6E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:backup_exec:2010_r3:sp2:*:*:*:*:*:*", "matchCriteriaId": "ADFAEEFA-E438-4611-A42E-A70C8F4D3F68", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:backup_exec:2012:*:*:*:*:*:*:*", "matchCriteriaId": "632557AF-509E-4FF8-B0CC-A44ABC56645B", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:backup_exec:2012:sp1:*:*:*:*:*:*", "matchCriteriaId": "DBDF5A56-FE35-49C8-A94B-FE120D2B714B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files."}, {"lang": "es", "value": "Symantec Backup Exec v2010 R3 anterior a v2010 R3 SP3 y v2012 anterior a SP2 utiliza permisos d\u00e9biles (todos los usuarios: Lectura y todos los usuarios: Cambiar) para archivos de datos de copia de seguridad, lo que permite a usuarios locales obtener informaci\u00f3n sensible o modificar el resultado de una restauraci\u00f3n a trav\u00e9s del acceso directo a estos ficheros."}], "id": "CVE-2013-4677", "lastModified": "2013-08-22T06:54:30.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-05T13:22:52.693", "references": [{"source": "secure@symantec.com", "url": "http://osvdb.org/95939"}, {"source": "secure@symantec.com", "url": "http://www.securityfocus.com/bid/61487"}, {"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}