Search criteria
32 vulnerabilities found for emc_integrated_data_protection_appliance by dell
CVE-2021-21601 (GCVE-0-2021-21601)
Vulnerability from nvd – Published: 2021-08-10 19:05 – Updated: 2024-09-17 03:02
VLAI?
Summary
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
Severity ?
8.8 (High)
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Data Protection Search |
Affected:
unspecified , < 19.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:23.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000189555"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protection Search",
"vendor": "Dell",
"versions": [
{
"lessThan": "19.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T19:05:37",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000189555"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-07-22",
"ID": "CVE-2021-21601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protection Search",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000189555",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000189555"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-21601",
"datePublished": "2021-08-10T19:05:37.917696Z",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-09-17T03:02:46.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3752 (GCVE-0-2019-3752)
Vulnerability from nvd – Published: 2021-07-16 21:20 – Updated: 2024-09-16 23:40
VLAI?
Summary
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.
Severity ?
8.2 (High)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "7.4.1, 7.5.0, 7.5.1, 18.2"
}
]
}
],
"datePublic": "2019-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T21:20:09",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-10-10",
"ID": "CVE-2019-3752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.4.1, 7.5.0, 7.5.1, 18.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.2,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3752",
"datePublished": "2021-07-16T21:20:09.995409Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:40:28.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21511 (GCVE-0-2021-21511)
Vulnerability from nvd – Published: 2021-02-15 22:10 – Updated: 2024-09-16 19:20
VLAI?
Summary
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.
Severity ?
8.1 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "19.3, 19.4"
}
]
}
],
"datePublic": "2021-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users\u0027 backup data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T22:10:13",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-02-04",
"ID": "CVE-2021-21511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "19.3, 19.4"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users\u0027 backup data."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-21511",
"datePublished": "2021-02-15T22:10:13.905053Z",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-09-16T19:20:26.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29495 (GCVE-0-2020-29495)
Vulnerability from nvd – Published: 2021-01-14 21:10 – Updated: 2024-09-16 16:12
VLAI?
Summary
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
Severity ?
10 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:09.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"lessThan": "HF 19.1, 19.2, 19.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-14T21:10:16",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-01-21",
"ID": "CVE-2020-29495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "HF 19.1, 19.2, 19.3"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-29495",
"datePublished": "2021-01-14T21:10:16.713796Z",
"dateReserved": "2020-12-03T00:00:00",
"dateUpdated": "2024-09-16T16:12:48.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29494 (GCVE-0-2020-29494)
Vulnerability from nvd – Published: 2021-01-14 21:10 – Updated: 2024-09-16 17:38
VLAI?
Summary
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
Severity ?
8.7 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"lessThan": "HF 19.1, 19.2, 19.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-14T21:10:15",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-01-12",
"ID": "CVE-2020-29494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "HF 19.1, 19.2, 19.3"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.7,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-29494",
"datePublished": "2021-01-14T21:10:16.028574Z",
"dateReserved": "2020-12-03T00:00:00",
"dateUpdated": "2024-09-16T17:38:57.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29493 (GCVE-0-2020-29493)
Vulnerability from nvd – Published: 2021-01-14 21:10 – Updated: 2024-09-16 19:46
VLAI?
Summary
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
Severity ?
10 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:09.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"lessThan": "HF 19.1, 19.2, 19.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\u0027s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-14T21:10:15",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-01-12",
"ID": "CVE-2020-29493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "HF 19.1, 19.2, 19.3"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\u0027s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-29493",
"datePublished": "2021-01-14T21:10:15.376000Z",
"dateReserved": "2020-12-03T00:00:00",
"dateUpdated": "2024-09-16T19:46:41.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5350 (GCVE-0-2020-5350)
Vulnerability from nvd – Published: 2020-04-15 18:00 – Updated: 2024-09-16 17:54
VLAI?
Summary
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.
Severity ?
7.9 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Integrated Data Protection Appliance |
Affected:
unspecified , < 2.0, 2.1, 2.2, 2.3, 2.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0, 2.1, 2.2, 2.3, 2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T18:00:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-03-31",
"ID": "CVE-2020-5350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0, 2.1, 2.2, 2.3, 2.4"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.9,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5350",
"datePublished": "2020-04-15T18:00:18.727517Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:54:54.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3762 (GCVE-0-2019-3762)
Vulnerability from nvd – Published: 2020-03-18 18:20 – Updated: 2024-09-16 23:15
VLAI?
Summary
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.
Severity ?
7.5 (High)
CWE
- CWE-296 - Improper Following of a Certificate's Chain of Trust
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Data Protection Central |
Affected:
1.0, 1.0.1, 18.1, 18.2, 19.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protection Central",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "1.0, 1.0.1, 18.1, 18.2, 19.1"
}
]
}
],
"datePublic": "2019-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-296",
"description": "CWE-296: Improper Following of a Certificate\u0027s Chain of Trust",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T18:20:16",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-09-04",
"ID": "CVE-2019-3762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protection Central",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0, 1.0.1, 18.1, 18.2, 19.1"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-296: Improper Following of a Certificate\u0027s Chain of Trust"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3762",
"datePublished": "2020-03-18T18:20:16.283199Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:15:44.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3765 (GCVE-0-2019-3765)
Vulnerability from nvd – Published: 2019-10-09 19:20 – Updated: 2024-09-16 21:02
VLAI?
Summary
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.
Severity ?
8.1 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell | Avamar |
Affected:
7.4.1
Affected: 7.5.0 Affected: 7.5.1 Affected: 18.2 Affected: 19.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.2"
},
{
"status": "affected",
"version": "19.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2019-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:20:45",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-10-04",
"ID": "CVE-2019-3765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.5.0"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "18.2"
},
{
"version_affected": "=",
"version_value": "19.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
},
{
"version_affected": "=",
"version_value": "2.2"
},
{
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability",
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3765",
"datePublished": "2019-10-09T19:20:45.226308Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T21:02:30.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11077 (GCVE-0-2018-11077)
Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:06
VLAI?
Title
Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability
Summary
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
Severity ?
No CVSS data available.
CWE
- Command Injection Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11077",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11077",
"datePublished": "2018-11-26T20:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T03:06:58.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11076 (GCVE-0-2018-11076)
Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-16 20:32
VLAI?
Title
Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability
Summary
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"datePublic": "2018-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11076",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11076",
"datePublished": "2018-11-26T20:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-16T20:32:06.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11067 (GCVE-0-2018-11067)
Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-17 00:11
VLAI?
Title
Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
Severity ?
No CVSS data available.
CWE
- Open Redirection Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11067",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11067",
"datePublished": "2018-11-26T20:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T00:11:44.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11066 (GCVE-0-2018-11066)
Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:43
VLAI?
Title
Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "105968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11066",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11066",
"datePublished": "2018-11-26T20:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T03:43:20.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11062 (GCVE-0-2018-11062)
Vulnerability from nvd – Published: 2018-11-02 22:00 – Updated: 2024-09-16 18:04
VLAI?
Title
Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
Summary
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.
Severity ?
No CVSS data available.
CWE
- Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | Integrated Data Protection Appliance |
Affected:
2.X , < 2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/53"
},
{
"name": "105764",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "2.3",
"status": "affected",
"version": "2.X",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-03T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/53"
},
{
"name": "105764",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105764"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-29T16:00:00.000Z",
"ID": "CVE-2018-11062",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.X",
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/53"
},
{
"name": "105764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105764"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11062",
"datePublished": "2018-11-02T22:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-16T18:04:27.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11048 (GCVE-0-2018-11048)
Vulnerability from nvd – Published: 2018-08-10 20:00 – Updated: 2024-09-17 01:56
VLAI?
Summary
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.
Severity ?
No CVSS data available.
CWE
- XML External Entity Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | Data Protection Advisor |
Affected:
6.2
Affected: 6.3 Affected: 6.4 , ≤ patch B180 (custom) Affected: 6.5 , ≤ patch B58 (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105130",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105130"
},
{
"name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/5"
},
{
"name": "1041417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041417"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protection Advisor",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"lessThanOrEqual": "patch B180",
"status": "affected",
"version": "6.4",
"versionType": "custom"
},
{
"lessThanOrEqual": "patch B58",
"status": "affected",
"version": "6.5",
"versionType": "custom"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
}
]
}
],
"datePublic": "2018-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "105130",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105130"
},
{
"name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/5"
},
{
"name": "1041417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041417"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-08-03T04:00:00.000Z",
"ID": "CVE-2018-11048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protection Advisor",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "6.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3"
},
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "6.4",
"version_value": "patch B180"
},
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "6.5",
"version_value": "patch B58"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105130"
},
{
"name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/5"
},
{
"name": "1041417",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041417"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11048",
"datePublished": "2018-08-10T20:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T01:56:30.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21601 (GCVE-0-2021-21601)
Vulnerability from cvelistv5 – Published: 2021-08-10 19:05 – Updated: 2024-09-17 03:02
VLAI?
Summary
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
Severity ?
8.8 (High)
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Data Protection Search |
Affected:
unspecified , < 19.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:23.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000189555"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protection Search",
"vendor": "Dell",
"versions": [
{
"lessThan": "19.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T19:05:37",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000189555"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-07-22",
"ID": "CVE-2021-21601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protection Search",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000189555",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000189555"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-21601",
"datePublished": "2021-08-10T19:05:37.917696Z",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-09-17T03:02:46.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3752 (GCVE-0-2019-3752)
Vulnerability from cvelistv5 – Published: 2021-07-16 21:20 – Updated: 2024-09-16 23:40
VLAI?
Summary
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.
Severity ?
8.2 (High)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "7.4.1, 7.5.0, 7.5.1, 18.2"
}
]
}
],
"datePublic": "2019-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T21:20:09",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-10-10",
"ID": "CVE-2019-3752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.4.1, 7.5.0, 7.5.1, 18.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.2,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3752",
"datePublished": "2021-07-16T21:20:09.995409Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:40:28.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21511 (GCVE-0-2021-21511)
Vulnerability from cvelistv5 – Published: 2021-02-15 22:10 – Updated: 2024-09-16 19:20
VLAI?
Summary
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.
Severity ?
8.1 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "19.3, 19.4"
}
]
}
],
"datePublic": "2021-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users\u0027 backup data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T22:10:13",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-02-04",
"ID": "CVE-2021-21511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "19.3, 19.4"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users\u0027 backup data."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-21511",
"datePublished": "2021-02-15T22:10:13.905053Z",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-09-16T19:20:26.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29495 (GCVE-0-2020-29495)
Vulnerability from cvelistv5 – Published: 2021-01-14 21:10 – Updated: 2024-09-16 16:12
VLAI?
Summary
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
Severity ?
10 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:09.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"lessThan": "HF 19.1, 19.2, 19.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-14T21:10:16",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-01-21",
"ID": "CVE-2020-29495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "HF 19.1, 19.2, 19.3"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-29495",
"datePublished": "2021-01-14T21:10:16.713796Z",
"dateReserved": "2020-12-03T00:00:00",
"dateUpdated": "2024-09-16T16:12:48.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29494 (GCVE-0-2020-29494)
Vulnerability from cvelistv5 – Published: 2021-01-14 21:10 – Updated: 2024-09-16 17:38
VLAI?
Summary
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
Severity ?
8.7 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"lessThan": "HF 19.1, 19.2, 19.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-14T21:10:15",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-01-12",
"ID": "CVE-2020-29494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "HF 19.1, 19.2, 19.3"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.7,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-29494",
"datePublished": "2021-01-14T21:10:16.028574Z",
"dateReserved": "2020-12-03T00:00:00",
"dateUpdated": "2024-09-16T17:38:57.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29493 (GCVE-0-2020-29493)
Vulnerability from cvelistv5 – Published: 2021-01-14 21:10 – Updated: 2024-09-16 19:46
VLAI?
Summary
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
Severity ?
10 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:09.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"lessThan": "HF 19.1, 19.2, 19.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\u0027s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-14T21:10:15",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-01-12",
"ID": "CVE-2020-29493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "HF 19.1, 19.2, 19.3"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\u0027s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-29493",
"datePublished": "2021-01-14T21:10:15.376000Z",
"dateReserved": "2020-12-03T00:00:00",
"dateUpdated": "2024-09-16T19:46:41.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5350 (GCVE-0-2020-5350)
Vulnerability from cvelistv5 – Published: 2020-04-15 18:00 – Updated: 2024-09-16 17:54
VLAI?
Summary
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.
Severity ?
7.9 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Integrated Data Protection Appliance |
Affected:
unspecified , < 2.0, 2.1, 2.2, 2.3, 2.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0, 2.1, 2.2, 2.3, 2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T18:00:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-03-31",
"ID": "CVE-2020-5350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0, 2.1, 2.2, 2.3, 2.4"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.9,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5350",
"datePublished": "2020-04-15T18:00:18.727517Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:54:54.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3762 (GCVE-0-2019-3762)
Vulnerability from cvelistv5 – Published: 2020-03-18 18:20 – Updated: 2024-09-16 23:15
VLAI?
Summary
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.
Severity ?
7.5 (High)
CWE
- CWE-296 - Improper Following of a Certificate's Chain of Trust
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Data Protection Central |
Affected:
1.0, 1.0.1, 18.1, 18.2, 19.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protection Central",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "1.0, 1.0.1, 18.1, 18.2, 19.1"
}
]
}
],
"datePublic": "2019-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-296",
"description": "CWE-296: Improper Following of a Certificate\u0027s Chain of Trust",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T18:20:16",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-09-04",
"ID": "CVE-2019-3762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protection Central",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0, 1.0.1, 18.1, 18.2, 19.1"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-296: Improper Following of a Certificate\u0027s Chain of Trust"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3762",
"datePublished": "2020-03-18T18:20:16.283199Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:15:44.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3765 (GCVE-0-2019-3765)
Vulnerability from cvelistv5 – Published: 2019-10-09 19:20 – Updated: 2024-09-16 21:02
VLAI?
Summary
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.
Severity ?
8.1 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell | Avamar |
Affected:
7.4.1
Affected: 7.5.0 Affected: 7.5.1 Affected: 18.2 Affected: 19.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.2"
},
{
"status": "affected",
"version": "19.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2019-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:20:45",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-10-04",
"ID": "CVE-2019-3765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.5.0"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "18.2"
},
{
"version_affected": "=",
"version_value": "19.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
},
{
"version_affected": "=",
"version_value": "2.2"
},
{
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability",
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3765",
"datePublished": "2019-10-09T19:20:45.226308Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T21:02:30.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11077 (GCVE-0-2018-11077)
Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:06
VLAI?
Title
Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability
Summary
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
Severity ?
No CVSS data available.
CWE
- Command Injection Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11077",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11077",
"datePublished": "2018-11-26T20:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T03:06:58.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11066 (GCVE-0-2018-11066)
Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:43
VLAI?
Title
Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "105968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11066",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105968"
},
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11066",
"datePublished": "2018-11-26T20:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T03:43:20.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11076 (GCVE-0-2018-11076)
Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-16 20:32
VLAI?
Title
Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability
Summary
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"datePublic": "2018-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11076",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11076",
"datePublished": "2018-11-26T20:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-16T20:32:06.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11067 (GCVE-0-2018-11067)
Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-17 00:11
VLAI?
Title
Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability
Summary
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
Severity ?
No CVSS data available.
CWE
- Open Redirection Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | Avamar |
Affected:
7.2.0
Affected: 7.2.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.5.0 Affected: 7.5.1 Affected: 18.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "18.1"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2018-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11067",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.5.1"
},
{
"version_value": "18.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/49"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105969"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11067",
"datePublished": "2018-11-26T20:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T00:11:44.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11062 (GCVE-0-2018-11062)
Vulnerability from cvelistv5 – Published: 2018-11-02 22:00 – Updated: 2024-09-16 18:04
VLAI?
Title
Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
Summary
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.
Severity ?
No CVSS data available.
CWE
- Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | Integrated Data Protection Appliance |
Affected:
2.X , < 2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/53"
},
{
"name": "105764",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "2.3",
"status": "affected",
"version": "2.X",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-03T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/53"
},
{
"name": "105764",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105764"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-29T16:00:00.000Z",
"ID": "CVE-2018-11062",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.X",
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/53"
},
{
"name": "105764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105764"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11062",
"datePublished": "2018-11-02T22:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-16T18:04:27.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11048 (GCVE-0-2018-11048)
Vulnerability from cvelistv5 – Published: 2018-08-10 20:00 – Updated: 2024-09-17 01:56
VLAI?
Summary
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.
Severity ?
No CVSS data available.
CWE
- XML External Entity Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | Data Protection Advisor |
Affected:
6.2
Affected: 6.3 Affected: 6.4 , ≤ patch B180 (custom) Affected: 6.5 , ≤ patch B58 (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105130",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105130"
},
{
"name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/5"
},
{
"name": "1041417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041417"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protection Advisor",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"lessThanOrEqual": "patch B180",
"status": "affected",
"version": "6.4",
"versionType": "custom"
},
{
"lessThanOrEqual": "patch B58",
"status": "affected",
"version": "6.5",
"versionType": "custom"
}
]
},
{
"product": "Integrated Data Protection Appliance",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
}
]
}
],
"datePublic": "2018-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "105130",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105130"
},
{
"name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/5"
},
{
"name": "1041417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041417"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-08-03T04:00:00.000Z",
"ID": "CVE-2018-11048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protection Advisor",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "6.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3"
},
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "6.4",
"version_value": "patch B180"
},
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "6.5",
"version_value": "patch B58"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "2.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105130"
},
{
"name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/5"
},
{
"name": "1041417",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041417"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-11048",
"datePublished": "2018-08-10T20:00:00Z",
"dateReserved": "2018-05-14T00:00:00",
"dateUpdated": "2024-09-17T01:56:30.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}