Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-4634

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2014-4634
Last Modified 24 Mar 2015 04:51:08
Published 30 Dec 2014 10:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-4634

Summary

Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Vulnerable Systems

Application

  • Emc Appsync 2.0

  • Emc Replication Manager 5.0

  • Emc Replication Manager 5.1

  • Emc Replication Manager 5.2

  • Emc Replication Manager 5.3

  • Emc Replication Manager 5.4

  • Emc Replication Manager 5.4.3

  • Emc Replication Manager 5.5

  • Emc Replication Manager 5.5.1

  • Emc Replication Manager 5.5.2


References

BUGTRAQ - 20141230 ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability


Last Updated: 27 May 2016 11:07:22