Vulnerabilities related to dell - emc_integrated_data_protection_appliance
Vulnerability from fkie_nvd
Published
2019-10-09 20:15
Modified
2024-11-21 04:42
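Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (nvd@nist.gov, Primary)
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (security_alert@emc.com, Secondary)
The two assessments in the record below reach the same base score but differ on privileges required, user interaction and scope.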
Summary
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_avamar_server | 7.4.1 | |
dell | emc_avamar_server | 7.5.0 | |
dell | emc_avamar_server | 7.5.1 | |
dell | emc_avamar_server | 18.2 | |
dell | emc_avamar_server | 19.1 | |
dell | emc_integrated_data_protection_appliance | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar_server:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D31DB2E9-502A-4097-B7D0-01BD33CB5DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2505F76D-6AB8-489A-AB9D-9069B9A9025E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5714A80-1068-4C43-AF9F-2176C72D1416", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:18.2:*:*:*:*:*:*:*", "matchCriteriaId": "52BE822E-6FD6-4FC8-9DFC-A4073D31B58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "D055384E-1362-43FC-BD4C-9FAED912FE1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "430C90BD-C302-42BE-9292-4B6B3F47E955", "versionEndIncluding": "2.4", "versionStartIncluding": "2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place." }, { "lang": "es", "value": "Dell EMC Avamar Server versiones 7.4.1, 7.5.0, 7.5.1, 18.2 y 19.1 y Dell EMC Integrated Data Protection Appliance (IDPA) versiones 2.0, 2.1, 2.2, 2.3 y 2.4, contienen una Asignaci\u00f3n de Permisos Incorrecta para una vulnerabilidad de Recursos Cr\u00edticos. 
Un usuario malicioso autenticado remoto podr\u00eda explotar esta vulnerabilidad para visualizar o modificar datos confidenciales de respaldo. Esto podr\u00eda usarse para corromper las copias de seguridad o para enga\u00f1ar potencialmente a un usuario para que restaure una copia de seguridad con archivos maliciosos en su lugar." } ], "id": "CVE-2019-3765", "lastModified": "2024-11-21T04:42:29.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 5.8, "source": "security_alert@emc.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-09T20:15:27.800", 
"references": [ { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "security_alert@emc.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-02-15 22:15
Modified
2024-11-21 05:48
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Dell EMC Avamar Server versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low-privileged attacker could potentially exploit this vulnerability to gain unauthorized read or modification access to other users' backup data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_avamar_server | 19.3 | |
dell | emc_avamar_server | 19.4 | |
dell | emc_integrated_data_protection_appliance | 2.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.3:*:*:*:*:*:*:*", "matchCriteriaId": "C7FEBC8A-A479-4684-A870-19E5046EA3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC33D28B-F305-47AB-84DE-40A2DCB956AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F5D783F9-E4AD-41A8-B1F9-D52333B00D62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users\u0027 backup data." }, { "lang": "es", "value": "Dell EMC Avamar Server, versiones 19.3 y 19.4, contienen una vulnerabilidad de Autorizaci\u00f3n Inapropiada en la Interfaz de Usuario web.\u0026#xa0;Un atacante remoto con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para obtener acceso no autorizado de lectura o modificaci\u00f3n a los datos de respaldo de otros usuarios" } ], "id": "CVE-2021-21511", "lastModified": "2024-11-21T05:48:30.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": 
"NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-02-15T22:15:13.897", "references": [ { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "security_alert@emc.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-14 21:15
Modified
2024-11-21 05:24
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
Summary
Dell EMC Avamar Server versions 19.1, 19.2 and 19.3 contain a Path Traversal vulnerability in PDM. A remote user could potentially exploit this vulnerability to gain unauthorized write access to arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_avamar_server | 19.1 | |
dell | emc_avamar_server | 19.2 | |
dell | emc_avamar_server | 19.3 | |
dell | emc_integrated_data_protection_appliance | 2.5 | |
dell | emc_integrated_data_protection_appliance | 2.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "D055384E-1362-43FC-BD4C-9FAED912FE1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB61C3E2-E97A-48FA-BECE-3593B77C1386", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.3:*:*:*:*:*:*:*", "matchCriteriaId": "C7FEBC8A-A479-4684-A870-19E5046EA3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAE59022-84BF-48EF-8A9B-0F9A5C68B529", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F5D783F9-E4AD-41A8-B1F9-D52333B00D62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files." 
}, { "lang": "es", "value": "Dell EMC Avamar Server, versiones 19.1, 19.2, 19.3, contiene una vulnerabilidad de salto de ruta en PDM.\u0026#xa0;Un usuario remoto podr\u00eda aprovechar esta vulnerabilidad para conseguir acceso de escritura no autorizado a los archivos arbitrarios almacenados en el sistema de archivos del servidor, causando la eliminaci\u00f3n de archivos arbitrarios" } ], "id": "CVE-2020-29494", "lastModified": "2024-11-21T05:24:06.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2021-01-14T21:15:13.507", "references": [ { "source": "security_alert@emc.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "security_alert@emc.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-02 22:29
Modified
2024-11-21 03:42
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
Summary
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.
References
▶ | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://www.securityfocus.com/bid/105764 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Oct/53 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105764 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Oct/53 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_integrated_data_protection_appliance | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "A18BB3F0-226F-4757-8990-94E6E8041070", "versionEndIncluding": "2.2", "versionStartIncluding": "2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files." }, { "lang": "es", "value": "Integrated Data Protection Appliance en versiones 2.0, 2.1 y 2.2 contiene cuentas no documentadas llamadas \"support\" y \"admin\" que est\u00e1n protegidas por contrase\u00f1as por defecto. Estas cuentas tienen privilegios limitados y pueden acceder solo a ciertos archivos del sistema. Un usuario malicioso que conozca las contrase\u00f1as por defecto podr\u00eda iniciar sesi\u00f3n en el sistema y obtener acceso de lectura y escritura a ciertos archivos del sistema." 
} ], "id": "CVE-2018-11062", "lastModified": "2024-11-21T03:42:36.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-02T22:29:00.253", "references": [ { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105764" }, { "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Oct/53" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Oct/53" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-26 20:29
Modified
2024-11-21 03:42
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking victim users into clicking on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
References
▶ | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://www.securityfocus.com/bid/105969 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List, Third Party Advisory | |
security_alert@emc.com | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105969 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites." }, { "lang": "es", "value": "Dell EMC Avamar Client Manager, en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) tienen una vulnerabilidad de redirecci\u00f3n abierta. 
Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para redirigir los usuarios de la aplicaci\u00f3n a URL de p\u00e1ginas web arbitrarias, enga\u00f1\u00e1ndolos para que hagan clic en enlaces maliciosamente manipulados. Se podr\u00eda usar esta vulnerabilidad para realizar ataques de phishing que provoquen que los usuarios visiten sitios web maliciosos sin querer." } ], "id": "CVE-2018-11067", "lastModified": "2024-11-21T03:42:36.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-26T20:29:00.297", "references": [ { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105969" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://seclists.org/fulldisclosure/2018/Nov/49" }, { "source": "security_alert@emc.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105969" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-14 21:15
Modified
2024-11-21 05:24
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell EMC Avamar Server versions 19.1, 19.2 and 19.3 contain a SQL Injection vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database and causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends that customers upgrade at the earliest opportunity.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_avamar_server | 19.1 | |
dell | emc_avamar_server | 19.2 | |
dell | emc_avamar_server | 19.3 | |
dell | emc_integrated_data_protection_appliance | 2.5 | |
dell | emc_integrated_data_protection_appliance | 2.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "D055384E-1362-43FC-BD4C-9FAED912FE1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB61C3E2-E97A-48FA-BECE-3593B77C1386", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.3:*:*:*:*:*:*:*", "matchCriteriaId": "C7FEBC8A-A479-4684-A870-19E5046EA3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAE59022-84BF-48EF-8A9B-0F9A5C68B529", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F5D783F9-E4AD-41A8-B1F9-D52333B00D62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\u0027s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity." 
}, { "lang": "es", "value": "DELL EMC Avamar Server, versiones 19.1, 19.2, 19.3, contienen una vulnerabilidad de inyecci\u00f3n SQL en Fitness Analyzer.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda aprovechar esta vulnerabilidad, conllevando a una ejecuci\u00f3n de determinados comandos SQL en la base de datos del backend de la aplicaci\u00f3n, causando un acceso de lectura y escritura no autorizado a los datos de la aplicaci\u00f3n.\u0026#xa0;La explotaci\u00f3n puede conllevar a la fuga o la eliminaci\u00f3n de datos de respaldo confidenciales;\u0026#xa0;por tanto, la gravedad es Cr\u00edtica.\u0026#xa0;Dell EMC recomienda a los clientes que se actualicen lo antes posible" } ], "id": "CVE-2020-29493", "lastModified": "2024-11-21T05:24:06.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-14T21:15:13.397", "references": [ { "source": "security_alert@emc.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "security_alert@emc.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-18 19:15
Modified
2024-11-21 04:42
Severity ?
Summary
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contain an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA-signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_data_protection_central:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D08A9E4-6CBD-4FD5-8D95-5EF8836058EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_data_protection_central:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B67413B0-336F-4531-99D4-01785D18148F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_data_protection_central:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "2146ECFF-AC16-4A9C-A7B2-5141E17CE4A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_data_protection_central:18.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B65A4C0-54B8-4686-A696-792E61E89899", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_data_protection_central:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC9A5CC1-F413-44AD-901B-899FE33B7B80", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2114A81D-44AB-444B-85D4-D3A713418267", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB029291-8242-4BE2-B7E3-C1D33421FE8D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. 
A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data." }, { "lang": "es", "value": "Data Protection Central versiones 1.0, 1.0.1, 18.1, 18.2 y 19.1, contiene una vulnerabilidad de Cadena de Confianza de Certificado Inapropiada. atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad mediante la obtenci\u00f3n de un certificado firmado de CA de Data Protection Central al suplantar un sistema v\u00e1lido para comprometer la integridad de los datos." } ], "id": "CVE-2019-3762", "lastModified": "2024-11-21T04:42:28.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-18T19:15:17.437", "references": [ { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-296" } ], "source": "security_alert@emc.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-10 20:29
Modified
2024-11-21 03:42
Severity ?
Summary
Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files on the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.
References
▶ | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://seclists.org/fulldisclosure/2018/Aug/5 | Mailing List, Third Party Advisory | |
security_alert@emc.com | http://www.securityfocus.com/bid/105130 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | http://www.securitytracker.com/id/1041417 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Aug/5 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105130 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041417 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_data_protection_advisor | 6.2 | |
dell | emc_data_protection_advisor | 6.3 | |
dell | emc_data_protection_advisor | 6.4 | |
dell | emc_data_protection_advisor | 6.5 | |
dell | emc_integrated_data_protection_appliance | 2.0 | |
dell | emc_integrated_data_protection_appliance | 2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_data_protection_advisor:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1941D69-2AFA-46AF-B5A6-DA54A704919A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_data_protection_advisor:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "A98B199D-3590-43AD-B3DD-3832E0B1CDF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_data_protection_advisor:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "EB4A43EE-2F9D-43C0-B8C8-CB231ECEE3E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_data_protection_advisor:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "669875C4-F354-4F36-A7F1-404BAC90276E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request." }, { "lang": "es", "value": "Dell EMC Data Protection Advisor, en versiones 6.2, 6,3, 6.4 y 6.5 y Dell EMC Integrated Data Protection Appliance (IDPA) en versiones 2.0 y 2.1 contienen una vulnerabilidad de inyecci\u00f3n XEE (XML External Entity) en la API REST. 
Un usuario autenticado remoto malicioso podr\u00eda explotar esta vulnerabilidad para leer ciertos archivos del sistema en el servidor o provocar una denegaci\u00f3n de servicio (DoS) proporcionando DTD (Document Type Definition) especialmente manipulados en una petici\u00f3n XML." } ], "id": "CVE-2018-11048", "lastModified": "2024-11-21T03:42:33.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-10T20:29:00.243", "references": [ { "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Aug/5" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105130" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" 
], "url": "http://seclists.org/fulldisclosure/2018/Aug/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041417" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-15 18:15
Modified
2024-11-21 05:33
Severity ?
7.9 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on the ACM component.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2114A81D-44AB-444B-85D4-D3A713418267", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB029291-8242-4BE2-B7E3-C1D33421FE8D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component." }, { "lang": "es", "value": "Dell EMC Integrated Data Protection Appliance versiones 2.0, 2.1, 2.2, 2.3, 2.4, contienen una vulnerabilidad de inyecci\u00f3n de comandos en el componente ACM. Un usuario malicioso autenticado remoto con privilegios root podr\u00eda inyectar par\u00e1metros en las API del componente ACM que podr\u00edan conllevar a la manipulaci\u00f3n de contrase\u00f1as y la ejecuci\u00f3n de comandos maliciosos en el componente ACM." 
} ], "id": "CVE-2020-5350", "lastModified": "2024-11-21T05:33:57.823", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-15T18:15:15.693", "references": [ { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "security_alert@emc.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-10 19:15
Modified
2024-11-21 05:48
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
References
▶ | URL | Tags | |
---|---|---|---|
security_alert@emc.com | https://www.dell.com/support/kbdoc/000189555 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000189555 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_data_protection_search | * | |
dell | emc_integrated_data_protection_appliance | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_data_protection_search:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FDF665A-704F-464A-9DF3-1C658278FA7E", "versionEndExcluding": "19.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AA7AE9A-3103-4296-AB92-6D3A936CF0D8", "versionEndExcluding": "2.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account." }, { "lang": "es", "value": "Dell EMC Data Protection Search, versiones 19.4 y anteriores, e IDPA, 2.6.1 y anteriores, contienen una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en Archivos de Registro en CIS. Un atacante local poco privilegiado podr\u00eda explotar potencialmente esta vulnerabilidad, conllevando a la divulgaci\u00f3n de determinadas credenciales de usuario. 
El atacante puede ser capaz de usar las credenciales expuestas para acceder a la aplicaci\u00f3n vulnerable con los privilegios de la cuenta comprometida" } ], "id": "CVE-2021-21601", "lastModified": "2024-11-21T05:48:40.727", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-10T19:15:07.577", "references": [ { "source": "security_alert@emc.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/000189555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/000189555" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "security_alert@emc.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-14 21:15
Modified
2024-11-21 05:24
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends that customers upgrade at the earliest opportunity.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_avamar_server | 19.1 | |
dell | emc_avamar_server | 19.2 | |
dell | emc_avamar_server | 19.3 | |
dell | emc_integrated_data_protection_appliance | 2.5 | |
dell | emc_integrated_data_protection_appliance | 2.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "D055384E-1362-43FC-BD4C-9FAED912FE1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB61C3E2-E97A-48FA-BECE-3593B77C1386", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.3:*:*:*:*:*:*:*", "matchCriteriaId": "C7FEBC8A-A479-4684-A870-19E5046EA3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "DAE59022-84BF-48EF-8A9B-0F9A5C68B529", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F5D783F9-E4AD-41A8-B1F9-D52333B00D62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity." 
}, { "lang": "es", "value": "DELL EMC Avamar Server, versiones 19.1, 19.2, 19.3, contienen una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en Fitness Analyzer.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda aprovechar esta vulnerabilidad, conllevando a una ejecuci\u00f3n de comandos arbitrarios del Sistema Operativo en el sistema operativo subyacente de la aplicaci\u00f3n con altos privilegios.\u0026#xa0;Esta vulnerabilidad se considera cr\u00edtica, ya que puede ser aprovechada para comprometer por completo la aplicaci\u00f3n vulnerable, as\u00ed como el sistema operativo subyacente.\u0026#xa0;Dell recomienda a los clientes que se actualicen lo antes posible" } ], "id": "CVE-2020-29495", "lastModified": "2024-11-21T05:24:06.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-14T21:15:13.600", "references": [ { "source": "security_alert@emc.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "security_alert@emc.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-16 22:15
Modified
2024-11-21 04:42
Severity ?
Summary
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an XML External Entity (XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_avamar_server | 7.4.1 | |
dell | emc_avamar_server | 7.5.0 | |
dell | emc_avamar_server | 7.5.1 | |
dell | emc_avamar_server | 18.2 | |
dell | emc_avamar_server | 19.1 | |
dell | emc_integrated_data_protection_appliance | 2.0 | |
dell | emc_integrated_data_protection_appliance | 2.1 | |
dell | emc_integrated_data_protection_appliance | 2.2 | |
dell | emc_integrated_data_protection_appliance | 2.3 | |
dell | emc_integrated_data_protection_appliance | 2.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar_server:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D31DB2E9-502A-4097-B7D0-01BD33CB5DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2505F76D-6AB8-489A-AB9D-9069B9A9025E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5714A80-1068-4C43-AF9F-2176C72D1416", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:18.2:*:*:*:*:*:*:*", "matchCriteriaId": "52BE822E-6FD6-4FC8-9DFC-A4073D31B58C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar_server:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "D055384E-1362-43FC-BD4C-9FAED912FE1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2114A81D-44AB-444B-85D4-D3A713418267", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB029291-8242-4BE2-B7E3-C1D33421FE8D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. 
A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request." }, { "lang": "es", "value": "Dell EMC Avamar Server versiones 7.4.1, 7.5.0, 7.5.1, 18.2 y 19.1 de y Dell EMC Integrated Data Protection Appliance (IDPA) versiones 2.0, 2.1, 2.2, 2.3 y 2.4, contienen una vulnerabilidad de tipo XML External Entity(XXE). Un usuario remoto malicioso no autenticado podr\u00eda potencialmente explotar esta vulnerabilidad para causar una Denegaci\u00f3n de Servicio o la exposici\u00f3n de informaci\u00f3n al suministrar definiciones de tipo de documento (DTD) especialmente dise\u00f1adas en una petici\u00f3n XML" } ], "id": "CVE-2019-3752", "lastModified": "2024-11-21T04:42:27.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security_alert@emc.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-16T22:15:07.757", "references": [ { "source": "security_alert@emc.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "security_alert@emc.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-09 20:29
Modified
2024-11-21 03:59
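Severity: CRITICAL (CVSS v3.0 base score 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, nvd@nist.gov Primary); CVSS v2 base score 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)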
Summary
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to the Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to log in to Dell EMC Online Support, impersonating the AVI service actions using those credentials.
References
Source | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://seclists.org/fulldisclosure/2018/Apr/14 | Mailing List, Third Party Advisory | |
security_alert@emc.com | http://www.securitytracker.com/id/1040641 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://www.exploit-db.com/exploits/44441/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Apr/14 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040641 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44441/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_avamar | 7.3.1 | |
dell | emc_avamar | 7.4.1 | |
dell | emc_avamar | 7.5.0 | |
dell | emc_integrated_data_protection_appliance | 2.0 | |
dell | emc_integrated_data_protection_appliance | 2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials." 
}, { "lang": "es", "value": "Avamar Installation Manager en Dell EMC Avamar Server 7.3.1, 7.4.1 y 7.5.0; y Dell EMC Integrated Data Protection Appliance 2.0 y 2.1 se ha visto afectado por una vulnerabilidad de falta de control de acceso que podr\u00eda permitir que un atacante remoto no autenticado lea o cambie las credenciales LDLS (Local Download Service). Las credenciales LDLS se emplean para conectarse a Dell EMC Online Support. Si la configuraci\u00f3n LDLS se cambiase a una configuraci\u00f3n inv\u00e1lida, Avamar Installation Manager podr\u00eda no ser capaz de conectarse al sitio web Dell EMC Online Support con \u00e9xito. El atacante remoto no autenticado tambi\u00e9n puede leer y emplear los credenciales para iniciar sesi\u00f3n en Dell EMC Online Support, haci\u00e9ndose pasar por las acciones del servicio AVI mediante el uso de esas credenciales." } ], "id": "CVE-2018-1217", "lastModified": "2024-11-21T03:59:24.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } 
] }, "published": "2018-04-09T20:29:00.277", "references": [ { "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Apr/14" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040641" }, { "source": "security_alert@emc.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44441/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Apr/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44441/" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" }, { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-26 20:29
Modified
2024-11-21 03:42
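Severity: MEDIUM (CVSS v3.0 base score 6.5, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, nvd@nist.gov Primary); CVSS v2 base score 3.3 LOW (AV:A/AC:L/Au:N/C:P/I:N/A:N)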
Summary
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
References
Source | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://www.securityfocus.com/bid/105972 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Nov/50 | Mailing List, Third Party Advisory | |
security_alert@emc.com | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105972 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Nov/50 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_avamar | 7.2.0 | |
dell | emc_avamar | 7.2.1 | |
dell | emc_avamar | 7.3.0 | |
dell | emc_avamar | 7.3.1 | |
dell | emc_avamar | 7.4.0 | |
dell | emc_avamar | 7.4.1 | |
dell | emc_integrated_data_protection_appliance | 2.0 | |
vmware | vsphere_data_protection | 6.0.0 | |
vmware | vsphere_data_protection | 6.0.1 | |
vmware | vsphere_data_protection | 6.0.2 | |
vmware | vsphere_data_protection | 6.0.3 | |
vmware | vsphere_data_protection | 6.0.4 | |
vmware | vsphere_data_protection | 6.0.5 | |
vmware | vsphere_data_protection | 6.0.6 | |
vmware | vsphere_data_protection | 6.0.7 | |
vmware | vsphere_data_protection | 6.0.8 | |
vmware | vsphere_data_protection | 6.1.0 | |
vmware | vsphere_data_protection | 6.1.1 | |
vmware | vsphere_data_protection | 6.1.2 | |
vmware | vsphere_data_protection | 6.1.3 | |
vmware | vsphere_data_protection | 6.1.4 | |
vmware | vsphere_data_protection | 6.1.5 | |
vmware | vsphere_data_protection | 6.1.6 | |
vmware | vsphere_data_protection | 6.1.7 | |
vmware | vsphere_data_protection | 6.1.8 | |
vmware | vsphere_data_protection | 6.1.9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"D006B093-4DEB-4911-995C-744B3189D46D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users." }, { "lang": "es", "value": "Las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 y 7.4.1 de Dell EMC Avamar Server y la 2.0 de Dell EMC Integrated Data Protection Appliance (IDPA) se ven afectadas por una vulnerabilidad de exposici\u00f3n de informaci\u00f3n. La clave privada \"SSL/TLS\" de la consola de gesti\u00f3n de Avamar Java podr\u00eda divulgarse en el paquete del cliente de gesti\u00f3n del mismo. Esta clave privada podr\u00eda ser usada por un atacante no autenticado en la misma capa data-link para iniciar un ataque Man-in-the-Middle (MitM) contra los usuarios de la consola de gesti\u00f3n." 
} ], "id": "CVE-2018-11076", "lastModified": "2024-11-21T03:42:37.883", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-26T20:29:00.357", "references": [ { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105972" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/50" }, { "source": "security_alert@emc.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/50" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-26 20:29
Modified
2024-11-21 03:42
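Severity: MEDIUM (CVSS v3.0 base score 6.7, CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, nvd@nist.gov Primary); CVSS v2 base score 7.2 HIGH (AV:L/AC:L/Au:N/C:C/I:C/A:C)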
Summary
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
References
Source | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://www.securityfocus.com/bid/105971 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Nov/51 | Mailing List, Third Party Advisory | |
security_alert@emc.com | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105971 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Nov/51 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." }, { "lang": "es", "value": "La utilidad \"getlogs\" en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) se ven afectadas por una vulnerabilidad de inyecci\u00f3n de comandos en el sistema operativo. Un usuario \"Avamar admin\" malicioso podr\u00eda ejecutar comandos arbitrarios bajo el privilegio root." 
} ], "id": "CVE-2018-11077", "lastModified": "2024-11-21T03:42:38.010", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-26T20:29:00.420", "references": [ { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105971" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/51" }, { "source": "security_alert@emc.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third 
Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-26 20:29
Modified
2024-11-21 03:42
Severity ?
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
References
Source | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://www.securityfocus.com/bid/105968 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List, Third Party Advisory | |
security_alert@emc.com | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105968 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042153 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server." }, { "lang": "es", "value": "Dell EMC Avamar Client Manager, en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) tienen una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el servidor." 
} ], "id": "CVE-2018-11066", "lastModified": "2024-11-21T03:42:36.627", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-26T20:29:00.247", "references": [ { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105968" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "source": "security_alert@emc.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2018-11076 (GCVE-0-2018-11076)
Vulnerability from cvelistv5
Published
2018-11-26 20:00
Modified
2024-09-16 20:32
CWE
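- Remote Code Execution Vulnerability (problem type as recorded by the CNA; the record's title and summary describe an information exposure, namely the leak of an SSL/TLS private key)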
Summary
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Dell EMC | Avamar |
Version: 7.2.0 Version: 7.2.1 Version: 7.3.0 Version: 7.3.1 Version: 7.4.0 Version: 7.4.1 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:36.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/50" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105972", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105972" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042153" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.3.0" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.4.0" }, { "status": "affected", "version": "7.4.1" } ] }, { "product": "Integrated Data Protection Appliance", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "2.0" } ] } ], "datePublic": "2018-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-27T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/50" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105972", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105972" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042153" } ], "source": { "discovery": "UNKNOWN" }, "title": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", "ID": "CVE-2018-11076", "STATE": "PUBLIC", "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "7.2.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.2.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.1" } ] } }, { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "affected": "=", "version_affected": "=", 
"version_value": "2.0" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Nov/50" }, { "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105972", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105972" }, { "name": "1042153", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042153" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11076", "datePublished": "2018-11-26T20:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-16T20:32:06.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-21601 (GCVE-0-2021-21601)
Vulnerability from cvelistv5
Published
2021-08-10 19:05
Modified
2024-09-17 03:02
CWE
- CWE-532 - Information Exposure Through Log Files
Summary
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell | Data Protection Search |
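Version: unspecified < 19.5 (the summary also names IDPA 2.6.1 and prior as affected, which this structured list does not carry) |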
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:16:23.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.dell.com/support/kbdoc/000189555" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Data Protection Search", "vendor": "Dell", "versions": [ { "lessThan": "19.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-07-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532: Information Exposure Through Log Files", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-10T19:05:37", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.dell.com/support/kbdoc/000189555" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2021-07-22", "ID": "CVE-2021-21601", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Data Protection Search", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "19.5" } ] } } ] }, "vendor_name": "Dell" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account." 
} ] }, "impact": { "cvss": { "baseScore": 8.8, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-532: Information Exposure Through Log Files" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.dell.com/support/kbdoc/000189555", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/000189555" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2021-21601", "datePublished": "2021-08-10T19:05:37.917696Z", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-09-17T03:02:46.784Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-11062 (GCVE-0-2018-11062)
Vulnerability from cvelistv5
Published
2018-11-02 22:00
Modified
2024-09-16 18:04
CWE
- Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
Summary
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell EMC | Integrated Data Protection Appliance |
Version: 2.X < 2.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:36.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2018/Oct/53" }, { "name": "105764", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105764" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Integrated Data Protection Appliance", "vendor": "Dell EMC", "versions": [ { "lessThan": "2.3", "status": "affected", "version": "2.X", "versionType": "custom" } ] } ], "datePublic": "2018-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-03T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2018/Oct/53" }, { "name": "105764", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105764" } ], "source": { "discovery": "UNKNOWN" }, "title": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-10-29T16:00:00.000Z", "ID": "CVE-2018-11062", "STATE": "PUBLIC", "TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_name": "2.X", "version_value": "2.3" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Oct/53" }, { "name": "105764", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105764" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11062", "datePublished": "2018-11-02T22:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-16T18:04:27.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-11067 (GCVE-0-2018-11067)
Vulnerability from cvelistv5
Published
2018-11-26 20:00
Modified
2024-09-17 00:11
CWE
- Open Redirection Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking victim users into clicking on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Dell EMC | Avamar |
Version: 7.2.0 Version: 7.2.1 Version: 7.3.0 Version: 7.3.1 Version: 7.4.0 Version: 7.4.1 Version: 7.5.0 Version: 7.5.1 Version: 18.1 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:36.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105969", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105969" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042153" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.3.0" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.4.0" }, { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "18.1" } ] }, { "product": "Integrated Data Protection Appliance", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "2.0" }, { "status": "affected", "version": "2.1" }, { "status": "affected", "version": "2.2" } ] } ], "datePublic": "2018-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. 
A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites." } ], "problemTypes": [ { "descriptions": [ { "description": "Open Redirection Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-27T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105969", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105969" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042153" } ], "source": { "discovery": "UNKNOWN" }, "title": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", "ID": "CVE-2018-11067", "STATE": "PUBLIC", "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "7.2.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.2.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.1" }, { "affected": "=", 
"version_affected": "=", "version_value": "7.4.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.1" }, { "version_value": "7.5.0" }, { "version_value": "7.5.1" }, { "version_value": "18.1" } ] } }, { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "2.0" }, { "affected": "=", "version_affected": "=", "version_value": "2.1" }, { "affected": "=", "version_affected": "=", "version_value": "2.2" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Open Redirection Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "105969", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105969" }, { "name": "1042153", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042153" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11067", "datePublished": "2018-11-26T20:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-17T00:11:44.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-3762 (GCVE-0-2019-3762)
Vulnerability from cvelistv5
Published
2020-03-18 18:20
Modified
2024-09-16 23:15
CWE
- CWE-296 - Improper Following of a Certificate's Chain of Trust
Summary
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contain an Improper Certificate Chain of Trust vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA-signed certificate from Data Protection Central to impersonate a valid system and compromise the integrity of data.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell | Data Protection Central |
Version: 1.0, 1.0.1, 18.1, 18.2, 19.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Data Protection Central", "vendor": "Dell", "versions": [ { "status": "affected", "version": "1.0, 1.0.1, 18.1, 18.2, 19.1" } ] } ], "datePublic": "2019-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-296", "description": "CWE-296: Improper Following of a Certificate\u0027s Chain of Trust", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-18T18:20:16", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2019-09-04", "ID": "CVE-2019-3762", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Data Protection Central", "version": { "version_data": [ { "version_affected": "=", "version_value": "1.0, 1.0.1, 18.1, 18.2, 19.1" } ] } } ] }, "vendor_name": "Dell" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data." 
} ] }, "impact": { "cvss": { "baseScore": 7.5, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-296: Improper Following of a Certificate\u0027s Chain of Trust" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability", "refsource": "MISC", "url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2019-3762", "datePublished": "2020-03-18T18:20:16.283199Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T23:15:44.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-3765 (GCVE-0-2019-3765)
Vulnerability from cvelistv5
Published
2019-10-09 19:20
Modified
2024-09-16 21:02
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Dell | Avamar |
Version: 7.4.1 Version: 7.5.0 Version: 7.5.1 Version: 18.2 Version: 19.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.448Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell", "versions": [ { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "18.2" }, { "status": "affected", "version": "19.1" } ] }, { "product": "Integrated Data Protection Appliance", "vendor": "Dell", "versions": [ { "status": "affected", "version": "2.0" }, { "status": "affected", "version": "2.1" }, { "status": "affected", "version": "2.2" } ] } ], "datePublic": "2019-10-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T19:20:45", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2019-10-04", "ID": "CVE-2019-3765", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "version_affected": "=", "version_value": "7.4.1" }, { "version_affected": "=", "version_value": "7.5.0" }, { "version_affected": "=", "version_value": "7.5.1" }, { "version_affected": "=", "version_value": "18.2" }, { "version_affected": "=", "version_value": "19.1" } ] } }, { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "version_affected": "=", "version_value": "2.0" }, { "version_affected": "=", "version_value": "2.1" }, { "version_affected": "=", "version_value": "2.2" }, { "version_affected": "=", "version_value": "2.2" } ] } } ] }, "vendor_name": "Dell" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Avamar Server versions 7.4.1, 
7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place." } ] }, "impact": { "cvss": { "baseScore": 8.1, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-732: Incorrect Permission Assignment for Critical Resource" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability", "refsource": "CONFIRM", "url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2019-3765", "datePublished": "2019-10-09T19:20:45.226308Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T21:02:30.184Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-3752 (GCVE-0-2019-3752)
Vulnerability from cvelistv5
Published
2021-07-16 21:20
Modified
2024-09-16 23:40
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Summary
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an XML External Entity (XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell", "versions": [ { "status": "affected", "version": "7.4.1, 7.5.0, 7.5.1, 18.2" } ] } ], "datePublic": "2019-10-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-16T21:20:09", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2019-10-10", "ID": "CVE-2019-3752", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "version_affected": "=", "version_value": "7.4.1, 7.5.0, 7.5.1, 18.2" } ] } } ] }, "vendor_name": "Dell" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request." 
} ] }, "impact": { "cvss": { "baseScore": 8.2, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability", "refsource": "MISC", "url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2019-3752", "datePublished": "2021-07-16T21:20:09.995409Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T23:40:28.519Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-11077 (GCVE-0-2018-11077)
Vulnerability from cvelistv5
Published
2018-11-26 20:00
Modified
2024-09-17 03:06
CWE
- Command Injection Vulnerability
Summary
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Dell EMC | Avamar |
Version: 7.2.0 Version: 7.2.1 Version: 7.3.0 Version: 7.3.1 Version: 7.4.0 Version: 7.4.1 Version: 7.5.0 Version: 7.5.1 Version: 18.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:36.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/51" }, { "name": "105971", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105971" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042153" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.3.0" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.4.0" }, { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "18.1" } ] }, { "product": "Integrated Data Protection Appliance", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "2.0" }, { "status": "affected", "version": "2.1" }, { "status": "affected", "version": "2.2" } ] } ], "datePublic": "2018-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. 
A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." } ], "problemTypes": [ { "descriptions": [ { "description": "Command Injection Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-27T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/51" }, { "name": "105971", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105971" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042153" } ], "source": { "discovery": "UNKNOWN" }, "title": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", "ID": "CVE-2018-11077", "STATE": "PUBLIC", "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "7.2.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.2.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.1" }, { "version_value": "7.5.0" }, { 
"version_value": "7.5.1" }, { "version_value": "18.1" } ] } }, { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "2.0" }, { "affected": "=", "version_affected": "=", "version_value": "2.1" }, { "affected": "=", "version_affected": "=", "version_value": "2.2" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Command Injection Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Nov/51" }, { "name": "105971", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105971" }, { "name": "1042153", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042153" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11077", "datePublished": "2018-11-26T20:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-17T03:06:58.660Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-5350 (GCVE-0-2020-5350)
Vulnerability from cvelistv5
Published
2020-04-15 18:00
Modified
2024-09-16 17:54
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on the ACM component.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell | Integrated Data Protection Appliance |
Version: unspecified < 2.0, 2.1, 2.2, 2.3, 2.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:30:23.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Integrated Data Protection Appliance", "vendor": "Dell", "versions": [ { "lessThan": "2.0, 2.1, 2.2, 2.3, 2.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2020-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T18:00:18", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2020-03-31", "ID": "CVE-2020-5350", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.0, 2.1, 2.2, 2.3, 2.4" } ] } } ] }, "vendor_name": "Dell" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component." 
} ] }, "impact": { "cvss": { "baseScore": 7.9, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability", "refsource": "MISC", "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2020-5350", "datePublished": "2020-04-15T18:00:18.727517Z", "dateReserved": "2020-01-03T00:00:00", "dateUpdated": "2024-09-16T17:54:54.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-29494 (GCVE-0-2020-29494)
Vulnerability from cvelistv5
Published
2021-01-14 21:10
Modified
2024-09-16 17:38
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Dell EMC Avamar Server versions 19.1, 19.2, 19.3 contain a Path Traversal vulnerability in PDM. A remote user could potentially exploit this vulnerability to gain unauthorized write access to arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:55:10.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell", "versions": [ { "lessThan": "HF 19.1, 19.2, 19.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-14T21:10:15", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": 
"2021-01-12", "ID": "CVE-2020-29494", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "HF 19.1, 19.2, 19.3" } ] } } ] }, "vendor_name": "Dell" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files." } ] }, "impact": { "cvss": { "baseScore": 8.7, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2020-29494", "datePublished": "2021-01-14T21:10:16.028574Z", "dateReserved": "2020-12-03T00:00:00", "dateUpdated": "2024-09-16T17:38:57.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1217 (GCVE-0-2018-1217)
Vulnerability from cvelistv5
Published
2018-04-09 20:00
Modified
2024-09-16 19:47
CWE
- Missing Access Control Vulnerability
Summary
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to the Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to log in to Dell EMC Online Support, impersonating the AVI service actions using those credentials.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell EMC | Avamar, Integrated Data Protection Appliance |
Version: Avamar Server versions 7.3.1, 7.4.1, 7.5.0 Version: Integrated Data Protection Appliance Versions 2.0, 2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:49.069Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44441", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44441/" }, { "name": "1040641", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040641" }, { "name": "20180405 DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Apr/14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar, Integrated Data Protection Appliance", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "Avamar Server versions 7.3.1, 7.4.1, 7.5.0" }, { "status": "affected", "version": "Integrated Data Protection Appliance Versions 2.0, 2.1" } ] } ], "datePublic": "2018-04-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Missing Access Control Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-12T09:57:02", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "name": "44441", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44441/" }, { "name": "1040641", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040641" }, { "name": "20180405 DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Apr/14" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-04-05T00:00:00", "ID": "CVE-2018-1217", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar, Integrated Data Protection Appliance", "version": { "version_data": [ { "version_value": "Avamar Server versions 7.3.1, 7.4.1, 7.5.0" }, { "version_value": "Integrated Data Protection Appliance Versions 2.0, 2.1" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. 
If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Missing Access Control Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "44441", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44441/" }, { "name": "1040641", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040641" }, { "name": "20180405 DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Apr/14" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-1217", "datePublished": "2018-04-09T20:00:00Z", "dateReserved": "2017-12-06T00:00:00", "dateUpdated": "2024-09-16T19:47:17.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-29493 (GCVE-0-2020-29493)
Vulnerability from cvelistv5
Published
2021-01-14 21:10
Modified
2024-09-16 19:46
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:55:09.764Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell", "versions": [ { "lessThan": "HF 19.1, 19.2, 19.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\u0027s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-14T21:10:15", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2021-01-12", "ID": "CVE-2020-29493", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "HF 19.1, 19.2, 19.3" } ] } } ] }, "vendor_name": "Dell" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\u0027s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity." 
} ] }, "impact": { "cvss": { "baseScore": 10, "baseSeverity": "Critical", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2020-29493", "datePublished": "2021-01-14T21:10:15.376000Z", "dateReserved": "2020-12-03T00:00:00", "dateUpdated": "2024-09-16T19:46:41.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-11048 (GCVE-0-2018-11048)
Vulnerability from cvelistv5
Published
2018-08-10 20:00
Modified
2024-09-17 01:56
CWE
- XML External Entity Vulnerability
Summary
Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Dell EMC | Data Protection Advisor |
Version: 6.2 Version: 6.3 Version: 6.4 (up to and including patch B180) Version: 6.5 (up to and including patch B58) |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:36.495Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105130", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105130" }, { "name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Aug/5" }, { "name": "1041417", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041417" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Data Protection Advisor", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "6.3" }, { "lessThanOrEqual": "patch B180", "status": "affected", "version": "6.4", "versionType": "custom" }, { "lessThanOrEqual": "patch B58", "status": "affected", "version": "6.5", "versionType": "custom" } ] }, { "product": "Integrated Data Protection Appliance", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "2.0" }, { "status": "affected", "version": "2.1" } ] } ], "datePublic": "2018-08-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "XML External Entity Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-24T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "name": "105130", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105130" }, { "name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Aug/5" }, { "name": "1041417", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041417" } ], "source": { "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-08-03T04:00:00.000Z", "ID": "CVE-2018-11048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Data Protection Advisor", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "6.2" }, { "affected": "=", "version_affected": "=", "version_value": "6.3" }, { "affected": "\u003c=", "version_affected": "\u003c=", "version_name": "6.4", "version_value": "patch B180" }, { "affected": "\u003c=", "version_affected": "\u003c=", "version_name": "6.5", "version_value": "patch B58" } ] } }, { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "2.0" }, { "affected": "=", "version_affected": "=", "version_value": "2.1" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 
2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "XML External Entity Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "105130", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105130" }, { "name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Aug/5" }, { "name": "1041417", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041417" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11048", "datePublished": "2018-08-10T20:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-17T01:56:30.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-11066 (GCVE-0-2018-11066)
Vulnerability from cvelistv5
Published
2018-11-26 20:00
Modified
2024-09-17 03:43
CWE
- Remote Code Execution Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Dell EMC | Avamar |
Version: 7.2.0 Version: 7.2.1 Version: 7.3.0 Version: 7.3.1 Version: 7.4.0 Version: 7.4.1 Version: 7.5.0 Version: 7.5.1 Version: 18.1 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:36.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105968", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105968" }, { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042153" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.3.0" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.4.0" }, { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "18.1" } ] }, { "product": "Integrated Data Protection Appliance", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "2.0" }, { "status": "affected", "version": "2.1" }, { "status": "affected", "version": "2.2" } ] } ], "datePublic": "2018-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. 
A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-27T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "name": "105968", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105968" }, { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "1042153", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042153" } ], "source": { "discovery": "UNKNOWN" }, "title": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", "ID": "CVE-2018-11066", "STATE": "PUBLIC", "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "7.2.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.2.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.3.1" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.0" }, { "affected": "=", "version_affected": "=", "version_value": "7.4.1" }, { "version_value": "7.5.0" }, { "version_value": "7.5.1" }, { 
"version_value": "18.1" } ] } }, { "product_name": "Integrated Data Protection Appliance", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "2.0" }, { "affected": "=", "version_affected": "=", "version_value": "2.1" }, { "affected": "=", "version_affected": "=", "version_value": "2.2" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "105968", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105968" }, { "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Nov/49" }, { "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" }, { "name": "1042153", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042153" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11066", "datePublished": "2018-11-26T20:00:00Z", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2024-09-17T03:43:20.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-21511 (GCVE-0-2021-21511)
Vulnerability from cvelistv5
Published
2021-02-15 22:10
Modified
2024-09-16 19:20
CWE
- CWE-285 - Improper Authorization
Summary
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:16:22.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell", "versions": [ { "status": "affected", "version": "19.3, 19.4" } ] } ], "datePublic": "2021-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users\u0027 backup data." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-15T22:10:13", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2021-02-04", "ID": "CVE-2021-21511", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", 
"version": { "version_data": [ { "version_affected": "=", "version_value": "19.3, 19.4" } ] } } ] }, "vendor_name": "Dell" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users\u0027 backup data." } ] }, "impact": { "cvss": { "baseScore": 8.1, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2021-21511", "datePublished": "2021-02-15T22:10:13.905053Z", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-09-16T19:20:26.900Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-29495 (GCVE-0-2020-29495)
Vulnerability from cvelistv5
Published
2021-01-14 21:10
Modified
2024-09-16 16:12
CWE
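- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (as assigned in the CVE record; the summary describes an OS command injection, which is normally classified as CWE-78, so do not rely on the CWE field alone when triaging this entry)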
Summary
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:55:09.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Avamar", "vendor": "Dell", "versions": [ { "lessThan": "HF 19.1, 19.2, 19.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2020-01-21T00:00:00", "descriptions": [ { "lang": "en", "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-14T21:10:16", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2020-01-21", "ID": "CVE-2020-29495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Avamar", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "HF 19.1, 19.2, 19.3" } ] } } ] }, "vendor_name": "Dell" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity." 
} ] }, "impact": { "cvss": { "baseScore": 10, "baseSeverity": "Critical", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2020-29495", "datePublished": "2021-01-14T21:10:16.713796Z", "dateReserved": "2020-12-03T00:00:00", "dateUpdated": "2024-09-16T16:12:48.002Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }