Details of VAR-190001-0244

ID

VAR-190001-0244

TITLE

Barracuda Backup Service Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 49802 // CNNVD: CNNVD-201109-650

DESCRIPTION

Barracuda Backup Service is a network backup solution. Barracudas Backup v2.x has multiple persistent input validation vulnerabilities, local low privileged user accounts or remote attackers (using user interaction) can implement/inject malicious persistent script code (Java/HTML) that can lead to sensitive information disclosure , access the intranet available server and operate part of the content. Affected Module: [+] E-Mail Message Browser - Filter[+] Expressions[+] Exclsuion Rules Image: ../ive1.png../ive2.png../ive3.png../ive4.png. Barracuda Backup Service is prone to multiple vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML or script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible

Trust: 0.81

sources: CNVD: CNVD-2011-3943 // BID: 49802

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-3943

AFFECTED PRODUCTS

vendor:

barracuda

model:

networks barracuda backup service

scope:

version:

2.0

Trust: 0.9

sources: CNVD: CNVD-2011-3943 // BID: 49802

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201109-650

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 49802

PATCH

title:

Barracudas Backup has multiple patches for input validation vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/5237

Trust: 0.6

sources: CNVD: CNVD-2011-3943

EXTERNAL IDS

db:	BID	id:	49802	Trust: 1.5
db:	CNVD	id:	CNVD-2011-3943	Trust: 0.6
db:	CNNVD	id:	CNNVD-201109-650	Trust: 0.6

sources: CNVD: CNVD-2011-3943 // BID: 49802 // CNNVD: CNNVD-201109-650

REFERENCES

url:	http://www.vulnerability-lab.com/get_content.php?id=31	Trust: 1.5
url:	http://www.securityfocus.com/bid/49802	Trust: 0.6
url:	http://www.barracudanetworks.com/ns/products/backup_overview.php	Trust: 0.3

sources: CNVD: CNVD-2011-3943 // BID: 49802 // CNNVD: CNNVD-201109-650

CREDITS

Benjamin Kunz Mejri

Trust: 0.9

sources: BID: 49802 // CNNVD: CNNVD-201109-650

SOURCES

db:	CNVD	id:	CNVD-2011-3943
db:	BID	id:	49802
db:	CNNVD	id:	CNNVD-201109-650

LAST UPDATE DATE

2022-05-17T01:52:16.351000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-3943	date:	2011-09-29T00:00:00
db:	BID	id:	49802	date:	2011-09-28T00:00:00
db:	CNNVD	id:	CNNVD-201109-650	date:	2011-10-26T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-3943	date:	2011-09-29T00:00:00
db:	BID	id:	49802	date:	2011-09-28T00:00:00
db:	CNNVD	id:	CNNVD-201109-650	date:	1900-01-01T00:00:00