Skip to the content.

CVE-2021-26474 - Unauthenticated server side request forgery in Vembu products

CVE CVE-2021-26474
Discovered by
(Additional) researcher(s)
Products
  • 360DR
  • BackSpace
  • BackupService
  • BackupSolution
  • BaltnetaOnlineBackup
  • ClearPointBackup
  • CloudBackup
  • CloudBasedBackup
  • CloudStor
  • CloudStore
  • CtrlSDataAssurance
  • DataAddicts
  • DataBackup
  • DataCrib
  • DataVault
  • DBS
  • EclipseBaaS
  • EnklareBackup
  • FastBackup
  • Guardian
  • HotlinkBackup
  • IronVault
  • iwksbackup
  • Level365OnlineBackup
  • LocalTel_RDS
  • MBCBackup
  • Netbackup
  • NetrepidHostedBackups
  • OffsiteVAULT
  • OnlineBackup_Client
  • OnyxSync
  • Opusbackup
  • P2VOnlineBackup
  • ProdigyBackup
  • QloudwiseBackup
  • RAKVault
  • ReflexBackups
  • RemoteDataRecovery
  • saf-gate
  • SamcoStor
  • SM4Store
  • StoreGrid
  • StoreSafeDC
  • StorNet
  • STPOffsite
  • Syntax
  • TBITBackup
  • TechNetBackup
  • TheDataVault
  • TitanBackup
  • TruStor
  • UndergroundBackups
  • VELOCIsecure
  • VembuBDR
  • VembuOffsiteDR
  • WrightOnline
  • XpressSTOR
  • ZipData
  • Other products or versions of products in this family may be affected too.
Versions
  • 360DR v4.4.0.0
  • BackSpace v4.5.0
  • BackupService v5.2.0
  • BackupSolution v4.4.0.0
  • BaltnetaOnlineBackup v4.1.0
  • ClearPointBackup v4.4.0.0
  • CloudBackup v4.4.0.0
  • CloudBasedBackup v4.4.0
  • CloudStor v4.4.0.0
  • CloudStore v4.4.0.0
  • CtrlSDataAssurance v4.5.0
  • CtrlSDataAssurance v4.4.2
  • CtrlSDataAssurance v4.4.0.0
  • CtrlSDataAssurance v4.4.0
  • CtrlSDataAssurance v4.2.0.0
  • CtrlSDataAssurance v4.2.0
  • CtrlSDataAssurance v3.5.0.0
  • DataAddicts v4.4.0.0
  • DataBackup v4.3.0
  • DataCrib v5.2.0
  • DataVault v5.1.0
  • DBS v4.4.0.0
  • EclipseBaaS v4.4.0.0
  • EnklareBackup v5.1.0
  • FastBackup v4.4.0.0
  • Guardian v5.1.0
  • Guardian v4.4.0.0
  • Guardian v4.4.0
  • HotlinkBackup v4.4.0
  • IronVault v4.4.0.0
  • iwksbackup v5.0.0
  • Level365OnlineBackup v4.4.0.0
  • LocalTel_RDS v4.4.0.0
  • MBCBackup v4.4.0.0
  • Netbackup v5.2.0
  • NetrepidHostedBackups v4.4.1
  • OffsiteVAULT v4.4.0.0
  • OnlineBackup_Client v5.1.0
  • OnlineBackup_Client v4.4.0.0
  • OnlineBackup_Client v4.4.0
  • OnyxSync v4.4.0.0
  • Opusbackup v4.4.0.0
  • P2VOnlineBackup v4.4.0.0
  • ProdigyBackup v4.4.0.0
  • QloudwiseBackup v4.4.2
  • RAKVault v4.4.0.0
  • ReflexBackups v4.4.0.0
  • RemoteDataRecovery v5.1.0
  • saf-gate v4.4.0.0
  • SamcoStor v5.0.0
  • SM4Store v4.4.0.0
  • StoreGrid v5.2.0
  • StoreGrid v5.1.0
  • Storegrid v5.1.0
  • StoreGrid v5.0.0
  • StoreGrid v4.5.0
  • StoreGrid v4.4.1.0
  • StoreGrid v4.4.1
  • StoreGrid v4.4.0.0
  • StoreGrid v4.4.0
  • StoreGrid v4.2.1.0
  • StoreGrid v4.2.1
  • StoreGrid v4.0.0.0
  • StoreGrid v3.5.0.0
  • StoreGrid v3.1.0.0
  • StoreSafeDC v4.4.0.0
  • StorNet v5.0.0
  • StorNet v4.4.0
  • STPOffsite v4.4.0.0
  • Syntax v4.4.0.0
  • TBITBackup v5.1.0
  • TechNetBackup v4.4.0.0
  • TheDataVault v4.5.0
  • TitanBackup v5.2.0
  • TitanBackup v5.1.0
  • TruStor v4.4.0.0
  • TruStor v3.5.0.0
  • UndergroundBackups v4.4.0.0
  • VELOCIsecure v4.4.0.0
  • VembuBDR v6.1.0.0
  • VembuBDR v4.2.0.1
  • VembuBDR v4.2.0
  • VembuBDR v4.1.0
  • VembuBDR v4.0.2
  • VembuBDR v4.0.1
  • VembuBDR v4.0.0
  • VembuBDR v3.9.1 Update1
  • VembuBDR v3.9.0 Update1
  • VembuBDR v3.9.0
  • VembuBDR v3.8.0
  • VembuBDR v3.7.0
  • VembuBDR v3.5.0.0
  • VembuOffsiteDR v4.2.0.1
  • VembuOffsiteDR v4.2.0
  • WrightOnline v4.4.0.0
  • XpressSTOR v4.4.0.0
  • ZipData v4.4.0.0
  • Other products or versions of products in this family may be affected too.
Page author Frank Breedijk
CVSS Base Score 7.2