EMC NetWorker Module for Microsoft Applications (NMM) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error occurs during the installation or upgrade of an exchange server or NMM. This may allow a local attacker to gain access to clear text administrative credentials.

Upgrade to version 2.3 build 122 or 2.4 build 375 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1027647
• CVE ID: 2012-2284 (see also: NVD)
• Secunia Advisory ID: 50957
• Related OSVDB ID: 86158
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2012-10/att-0068/ESA-2012-025.txt
• Vendor URL: http://www.emc.com/backup-and-recovery/networker/networker.htm

• Not Available