Symantec Backup Exec Server Multiple Vulnerabilities (SYM13-009)
Medium Nessus Plugin ID 69263
SynopsisThe remote Windows host contains a backup server that is affected by multiple vulnerabilities.
DescriptionAccording to its version number, the Symantec Backup Exec Server installed on the remote Windows host is affected by multiple vulnerabilities :
- Multiple cross-site scripting vulnerabilities exist in the management console and the beutility console.
- Backup and restore data files are stored with weak ACLs, allowing read/write access to everyone. (CVE-2013-4677)
- The NMDP protocol leaks host versioning information.
SolutionUpgrade to Symantec Backup Exec 2010 R3 SP3, 2012 SP2 or later.