Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for emc_integrated_data_protection_appliance by dell

    CVE-2021-21601 (GCVE-0-2021-21601)

    Vulnerability from nvd – Published: 2021-08-10 19:05 – Updated: 2024-09-17 03:02
    VLAI
    Summary
    Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
    CWE
    • CWE-532 - Information Exposure Through Log Files
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Data Protection Search Affected: unspecified , < 19.5 (custom)
    Create a notification for this product.
    Date Public
    2021-07-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:23.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/000189555"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Data Protection Search",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Information Exposure Through Log Files",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-10T19:05:37.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/000189555"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-07-22",
              "ID": "CVE-2021-21601",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Data Protection Search",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "19.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-532: Information Exposure Through Log Files"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/000189555",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/000189555"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-21601",
        "datePublished": "2021-08-10T19:05:37.917Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:02:46.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3752 (GCVE-0-2019-3752)

    Vulnerability from nvd – Published: 2021-07-16 21:20 – Updated: 2024-09-16 23:40
    VLAI
    Summary
    Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: 7.4.1, 7.5.0, 7.5.1, 18.2
    Create a notification for this product.
    Date Public
    2019-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.278Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.1, 7.5.0, 7.5.1, 18.2"
                }
              ]
            }
          ],
          "datePublic": "2019-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T21:20:09.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2019-10-10",
              "ID": "CVE-2019-3752",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.4.1, 7.5.0, 7.5.1, 18.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.2,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3752",
        "datePublished": "2021-07-16T21:20:09.995Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:40:28.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21511 (GCVE-0-2021-21511)

    Vulnerability from nvd – Published: 2021-02-15 22:10 – Updated: 2024-09-16 19:20
    VLAI
    Summary
    Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: 19.3, 19.4
    Create a notification for this product.
    Date Public
    2021-02-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:22.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.3, 19.4"
                }
              ]
            }
          ],
          "datePublic": "2021-02-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users\u0027 backup data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-15T22:10:13.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-02-04",
              "ID": "CVE-2021-21511",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "19.3, 19.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users\u0027 backup data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.1,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-21511",
        "datePublished": "2021-02-15T22:10:13.905Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:20:26.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29495 (GCVE-0-2020-29495)

    Vulnerability from nvd – Published: 2021-01-14 21:10 – Updated: 2024-09-16 16:12
    VLAI
    Summary
    DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: unspecified , < HF 19.1, 19.2, 19.3 (custom)
    Create a notification for this product.
    Date Public
    2020-01-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:09.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "HF 19.1, 19.2, 19.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-14T21:10:16.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2020-01-21",
              "ID": "CVE-2020-29495",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "HF 19.1, 19.2, 19.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": "Critical",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2020-29495",
        "datePublished": "2021-01-14T21:10:16.713Z",
        "dateReserved": "2020-12-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:12:48.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29494 (GCVE-0-2020-29494)

    Vulnerability from nvd – Published: 2021-01-14 21:10 – Updated: 2024-09-16 17:38
    VLAI
    Summary
    Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: unspecified , < HF 19.1, 19.2, 19.3 (custom)
    Create a notification for this product.
    Date Public
    2021-01-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:10.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "HF 19.1, 19.2, 19.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-14T21:10:15.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-01-12",
              "ID": "CVE-2020-29494",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "HF 19.1, 19.2, 19.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.7,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2020-29494",
        "datePublished": "2021-01-14T21:10:16.028Z",
        "dateReserved": "2020-12-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:38:57.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29493 (GCVE-0-2020-29493)

    Vulnerability from nvd – Published: 2021-01-14 21:10 – Updated: 2024-09-16 19:46
    VLAI
    Summary
    DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: unspecified , < HF 19.1, 19.2, 19.3 (custom)
    Create a notification for this product.
    Date Public
    2021-01-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:09.764Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "HF 19.1, 19.2, 19.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\u0027s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-14T21:10:15.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-01-12",
              "ID": "CVE-2020-29493",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "HF 19.1, 19.2, 19.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\u0027s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": "Critical",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2020-29493",
        "datePublished": "2021-01-14T21:10:15.376Z",
        "dateReserved": "2020-12-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:46:41.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5350 (GCVE-0-2020-5350)

    Vulnerability from nvd – Published: 2020-04-15 18:00 – Updated: 2024-09-16 17:54
    VLAI
    Summary
    Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Integrated Data Protection Appliance Affected: unspecified , < 2.0, 2.1, 2.2, 2.3, 2.4 (custom)
    Create a notification for this product.
    Date Public
    2020-03-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:23.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.0, 2.1, 2.2, 2.3, 2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-15T18:00:18.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2020-03-31",
              "ID": "CVE-2020-5350",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.0, 2.1, 2.2, 2.3, 2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.9,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2020-5350",
        "datePublished": "2020-04-15T18:00:18.727Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:54:54.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3762 (GCVE-0-2019-3762)

    Vulnerability from nvd – Published: 2020-03-18 18:20 – Updated: 2024-09-16 23:15
    VLAI
    Summary
    Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.
    CWE
    • CWE-296 - Improper Following of a Certificate's Chain of Trust
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Data Protection Central Affected: 1.0, 1.0.1, 18.1, 18.2, 19.1
    Create a notification for this product.
    Date Public
    2019-09-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Data Protection Central",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0, 1.0.1, 18.1, 18.2, 19.1"
                }
              ]
            }
          ],
          "datePublic": "2019-09-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-296",
                  "description": "CWE-296: Improper Following of a Certificate\u0027s Chain of Trust",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T18:20:16.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2019-09-04",
              "ID": "CVE-2019-3762",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Data Protection Central",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.0, 1.0.1, 18.1, 18.2, 19.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-296: Improper Following of a Certificate\u0027s Chain of Trust"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3762",
        "datePublished": "2020-03-18T18:20:16.283Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:15:44.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3765 (GCVE-0-2019-3765)

    Vulnerability from nvd – Published: 2019-10-09 19:20 – Updated: 2024-09-16 21:02
    VLAI
    Summary
    Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: 7.4.1
    Affected: 7.5.0
    Affected: 7.5.1
    Affected: 18.2
    Affected: 19.1
    Create a notification for this product.
    Dell Integrated Data Protection Appliance Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Create a notification for this product.
    Date Public
    2019-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "18.2"
                },
                {
                  "status": "affected",
                  "version": "19.1"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                }
              ]
            }
          ],
          "datePublic": "2019-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-09T19:20:45.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2019-10-04",
              "ID": "CVE-2019-3765",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.4.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.5.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "18.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "19.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "2.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "2.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.1,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3765",
        "datePublished": "2019-10-09T19:20:45.226Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:02:30.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11077 (GCVE-0-2018-11077)

    Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:06
    VLAI
    Title
    Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability
    Summary
    'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
    Severity
    No CVSS data available.
    CWE
    • Command Injection Vulnerability
    Assigner
    References
    URL Tags
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    https://seclists.org/fulldisclosure/2018/Nov/51 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/105971 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042153 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Dell EMC Avamar Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.5.0
    Affected: 7.5.1
    Affected: 18.1
    Create a notification for this product.
    Dell EMC Integrated Data Protection Appliance Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Create a notification for this product.
    Date Public
    2018-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.485Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
              },
              {
                "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Nov/51"
              },
              {
                "name": "105971",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105971"
              },
              {
                "name": "1042153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "18.1"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                }
              ]
            }
          ],
          "datePublic": "2018-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-27T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            },
            {
              "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Nov/51"
            },
            {
              "name": "105971",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105971"
            },
            {
              "name": "1042153",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042153"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
              "ID": "CVE-2018-11077",
              "STATE": "PUBLIC",
              "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.1"
                              },
                              {
                                "version_value": "7.5.0"
                              },
                              {
                                "version_value": "7.5.1"
                              },
                              {
                                "version_value": "18.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
                },
                {
                  "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Nov/51"
                },
                {
                  "name": "105971",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105971"
                },
                {
                  "name": "1042153",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042153"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11077",
        "datePublished": "2018-11-26T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:06:58.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11076 (GCVE-0-2018-11076)

    Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-16 20:32
    VLAI
    Title
    Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability
    Summary
    Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Nov/50 mailing-listx_refsource_FULLDISC
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105972 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042153 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Dell EMC Avamar Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.4.0
    Affected: 7.4.1
    Create a notification for this product.
    Dell EMC Integrated Data Protection Appliance Affected: 2.0
    Create a notification for this product.
    Date Public
    2018-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Nov/50"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
              },
              {
                "name": "105972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105972"
              },
              {
                "name": "1042153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-27T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Nov/50"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            },
            {
              "name": "105972",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105972"
            },
            {
              "name": "1042153",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042153"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
              "ID": "CVE-2018-11076",
              "STATE": "PUBLIC",
              "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Nov/50"
                },
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
                },
                {
                  "name": "105972",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105972"
                },
                {
                  "name": "1042153",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042153"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11076",
        "datePublished": "2018-11-26T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:32:06.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11067 (GCVE-0-2018-11067)

    Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-17 00:11
    VLAI
    Title
    Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability
    Summary
    Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
    Severity
    No CVSS data available.
    CWE
    • Open Redirection Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Nov/49 mailing-listx_refsource_FULLDISC
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105969 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042153 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Dell EMC Avamar Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.5.0
    Affected: 7.5.1
    Affected: 18.1
    Create a notification for this product.
    Dell EMC Integrated Data Protection Appliance Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Create a notification for this product.
    Date Public
    2018-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.648Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
              },
              {
                "name": "105969",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105969"
              },
              {
                "name": "1042153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "18.1"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                }
              ]
            }
          ],
          "datePublic": "2018-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirection Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-27T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            },
            {
              "name": "105969",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105969"
            },
            {
              "name": "1042153",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042153"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
              "ID": "CVE-2018-11067",
              "STATE": "PUBLIC",
              "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.1"
                              },
                              {
                                "version_value": "7.5.0"
                              },
                              {
                                "version_value": "7.5.1"
                              },
                              {
                                "version_value": "18.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open Redirection Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
                },
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
                },
                {
                  "name": "105969",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105969"
                },
                {
                  "name": "1042153",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042153"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11067",
        "datePublished": "2018-11-26T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:11:44.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11066 (GCVE-0-2018-11066)

    Vulnerability from nvd – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:43
    VLAI
    Title
    Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability
    Summary
    Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution Vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105968 vdb-entryx_refsource_BID
    https://seclists.org/fulldisclosure/2018/Nov/49 mailing-listx_refsource_FULLDISC
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1042153 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Dell EMC Avamar Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.5.0
    Affected: 7.5.1
    Affected: 18.1
    Create a notification for this product.
    Dell EMC Integrated Data Protection Appliance Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Create a notification for this product.
    Date Public
    2018-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.502Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105968",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105968"
              },
              {
                "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
              },
              {
                "name": "1042153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "18.1"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                }
              ]
            }
          ],
          "datePublic": "2018-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-27T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "105968",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105968"
            },
            {
              "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            },
            {
              "name": "1042153",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042153"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
              "ID": "CVE-2018-11066",
              "STATE": "PUBLIC",
              "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.1"
                              },
                              {
                                "version_value": "7.5.0"
                              },
                              {
                                "version_value": "7.5.1"
                              },
                              {
                                "version_value": "18.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105968",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105968"
                },
                {
                  "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
                },
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
                },
                {
                  "name": "1042153",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042153"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11066",
        "datePublished": "2018-11-26T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:43:20.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11062 (GCVE-0-2018-11062)

    Vulnerability from nvd – Published: 2018-11-02 22:00 – Updated: 2024-09-16 18:04
    VLAI
    Title
    Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
    Summary
    Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.
    Severity
    No CVSS data available.
    CWE
    • Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Oct/53 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/105764 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2018-10-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
              },
              {
                "name": "105764",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105764"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.3",
                  "status": "affected",
                  "version": "2.X",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-03T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
            },
            {
              "name": "105764",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105764"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-10-29T16:00:00.000Z",
              "ID": "CVE-2018-11062",
              "STATE": "PUBLIC",
              "TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.X",
                                "version_value": "2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
                },
                {
                  "name": "105764",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105764"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11062",
        "datePublished": "2018-11-02T22:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:04:27.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11048 (GCVE-0-2018-11048)

    Vulnerability from nvd – Published: 2018-08-10 20:00 – Updated: 2024-09-17 01:56
    VLAI
    Summary
    Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.
    Severity
    No CVSS data available.
    CWE
    • XML External Entity Vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105130 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2018/Aug/5 mailing-listx_refsource_FULLDISC
    http://www.securitytracker.com/id/1041417 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Dell EMC Data Protection Advisor Affected: 6.2
    Affected: 6.3
    Affected: 6.4 , ≤ patch B180 (custom)
    Affected: 6.5 , ≤ patch B58 (custom)
    Create a notification for this product.
    Dell EMC Integrated Data Protection Appliance Affected: 2.0
    Affected: 2.1
    Create a notification for this product.
    Date Public
    2018-08-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.495Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105130",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105130"
              },
              {
                "name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Aug/5"
              },
              {
                "name": "1041417",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041417"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Data Protection Advisor",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                },
                {
                  "lessThanOrEqual": "patch B180",
                  "status": "affected",
                  "version": "6.4",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "patch B58",
                  "status": "affected",
                  "version": "6.5",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-08-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XML External Entity Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-24T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "105130",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105130"
            },
            {
              "name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Aug/5"
            },
            {
              "name": "1041417",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041417"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-08-03T04:00:00.000Z",
              "ID": "CVE-2018-11048",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Data Protection Advisor",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "6.2"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "6.3"
                              },
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "6.4",
                                "version_value": "patch B180"
                              },
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "6.5",
                                "version_value": "patch B58"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XML External Entity Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105130",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105130"
                },
                {
                  "name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Aug/5"
                },
                {
                  "name": "1041417",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041417"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11048",
        "datePublished": "2018-08-10T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:56:30.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21601 (GCVE-0-2021-21601)

    Vulnerability from cvelistv5 – Published: 2021-08-10 19:05 – Updated: 2024-09-17 03:02
    VLAI
    Summary
    Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
    CWE
    • CWE-532 - Information Exposure Through Log Files
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Data Protection Search Affected: unspecified , < 19.5 (custom)
    Create a notification for this product.
    Date Public
    2021-07-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:23.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/000189555"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Data Protection Search",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Information Exposure Through Log Files",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-10T19:05:37.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/000189555"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-07-22",
              "ID": "CVE-2021-21601",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Data Protection Search",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "19.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-532: Information Exposure Through Log Files"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/000189555",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/000189555"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-21601",
        "datePublished": "2021-08-10T19:05:37.917Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:02:46.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3752 (GCVE-0-2019-3752)

    Vulnerability from cvelistv5 – Published: 2021-07-16 21:20 – Updated: 2024-09-16 23:40
    VLAI
    Summary
    Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: 7.4.1, 7.5.0, 7.5.1, 18.2
    Create a notification for this product.
    Date Public
    2019-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.278Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.1, 7.5.0, 7.5.1, 18.2"
                }
              ]
            }
          ],
          "datePublic": "2019-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T21:20:09.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2019-10-10",
              "ID": "CVE-2019-3752",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.4.1, 7.5.0, 7.5.1, 18.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.2,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3752",
        "datePublished": "2021-07-16T21:20:09.995Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:40:28.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21511 (GCVE-0-2021-21511)

    Vulnerability from cvelistv5 – Published: 2021-02-15 22:10 – Updated: 2024-09-16 19:20
    VLAI
    Summary
    Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: 19.3, 19.4
    Create a notification for this product.
    Date Public
    2021-02-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:22.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.3, 19.4"
                }
              ]
            }
          ],
          "datePublic": "2021-02-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users\u0027 backup data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-15T22:10:13.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-02-04",
              "ID": "CVE-2021-21511",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "19.3, 19.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users\u0027 backup data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.1,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-21511",
        "datePublished": "2021-02-15T22:10:13.905Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:20:26.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29495 (GCVE-0-2020-29495)

    Vulnerability from cvelistv5 – Published: 2021-01-14 21:10 – Updated: 2024-09-16 16:12
    VLAI
    Summary
    DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: unspecified , < HF 19.1, 19.2, 19.3 (custom)
    Create a notification for this product.
    Date Public
    2020-01-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:09.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "HF 19.1, 19.2, 19.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-14T21:10:16.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2020-01-21",
              "ID": "CVE-2020-29495",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "HF 19.1, 19.2, 19.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": "Critical",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2020-29495",
        "datePublished": "2021-01-14T21:10:16.713Z",
        "dateReserved": "2020-12-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:12:48.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29494 (GCVE-0-2020-29494)

    Vulnerability from cvelistv5 – Published: 2021-01-14 21:10 – Updated: 2024-09-16 17:38
    VLAI
    Summary
    Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: unspecified , < HF 19.1, 19.2, 19.3 (custom)
    Create a notification for this product.
    Date Public
    2021-01-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:10.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "HF 19.1, 19.2, 19.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-14T21:10:15.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-01-12",
              "ID": "CVE-2020-29494",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "HF 19.1, 19.2, 19.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.7,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2020-29494",
        "datePublished": "2021-01-14T21:10:16.028Z",
        "dateReserved": "2020-12-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:38:57.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29493 (GCVE-0-2020-29493)

    Vulnerability from cvelistv5 – Published: 2021-01-14 21:10 – Updated: 2024-09-16 19:46
    VLAI
    Summary
    DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: unspecified , < HF 19.1, 19.2, 19.3 (custom)
    Create a notification for this product.
    Date Public
    2021-01-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:55:09.764Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "HF 19.1, 19.2, 19.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\u0027s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-14T21:10:15.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-01-12",
              "ID": "CVE-2020-29493",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "HF 19.1, 19.2, 19.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\u0027s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": "Critical",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2020-29493",
        "datePublished": "2021-01-14T21:10:15.376Z",
        "dateReserved": "2020-12-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:46:41.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5350 (GCVE-0-2020-5350)

    Vulnerability from cvelistv5 – Published: 2020-04-15 18:00 – Updated: 2024-09-16 17:54
    VLAI
    Summary
    Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Integrated Data Protection Appliance Affected: unspecified , < 2.0, 2.1, 2.2, 2.3, 2.4 (custom)
    Create a notification for this product.
    Date Public
    2020-03-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:23.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.0, 2.1, 2.2, 2.3, 2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-15T18:00:18.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2020-03-31",
              "ID": "CVE-2020-5350",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.0, 2.1, 2.2, 2.3, 2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.9,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2020-5350",
        "datePublished": "2020-04-15T18:00:18.727Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:54:54.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3762 (GCVE-0-2019-3762)

    Vulnerability from cvelistv5 – Published: 2020-03-18 18:20 – Updated: 2024-09-16 23:15
    VLAI
    Summary
    Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.
    CWE
    • CWE-296 - Improper Following of a Certificate's Chain of Trust
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Data Protection Central Affected: 1.0, 1.0.1, 18.1, 18.2, 19.1
    Create a notification for this product.
    Date Public
    2019-09-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Data Protection Central",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0, 1.0.1, 18.1, 18.2, 19.1"
                }
              ]
            }
          ],
          "datePublic": "2019-09-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-296",
                  "description": "CWE-296: Improper Following of a Certificate\u0027s Chain of Trust",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T18:20:16.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2019-09-04",
              "ID": "CVE-2019-3762",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Data Protection Central",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.0, 1.0.1, 18.1, 18.2, 19.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-296: Improper Following of a Certificate\u0027s Chain of Trust"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3762",
        "datePublished": "2020-03-18T18:20:16.283Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:15:44.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3765 (GCVE-0-2019-3765)

    Vulnerability from cvelistv5 – Published: 2019-10-09 19:20 – Updated: 2024-09-16 21:02
    VLAI
    Summary
    Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Avamar Affected: 7.4.1
    Affected: 7.5.0
    Affected: 7.5.1
    Affected: 18.2
    Affected: 19.1
    Create a notification for this product.
    Dell Integrated Data Protection Appliance Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Create a notification for this product.
    Date Public
    2019-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "18.2"
                },
                {
                  "status": "affected",
                  "version": "19.1"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                }
              ]
            }
          ],
          "datePublic": "2019-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-09T19:20:45.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2019-10-04",
              "ID": "CVE-2019-3765",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.4.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.5.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "18.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "19.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "2.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "2.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.1,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3765",
        "datePublished": "2019-10-09T19:20:45.226Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:02:30.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11067 (GCVE-0-2018-11067)

    Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-17 00:11
    VLAI
    Title
    Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability
    Summary
    Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
    Severity
    No CVSS data available.
    CWE
    • Open Redirection Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Nov/49 mailing-listx_refsource_FULLDISC
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105969 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042153 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Dell EMC Avamar Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.5.0
    Affected: 7.5.1
    Affected: 18.1
    Create a notification for this product.
    Dell EMC Integrated Data Protection Appliance Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Create a notification for this product.
    Date Public
    2018-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.648Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
              },
              {
                "name": "105969",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105969"
              },
              {
                "name": "1042153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "18.1"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                }
              ]
            }
          ],
          "datePublic": "2018-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirection Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-27T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            },
            {
              "name": "105969",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105969"
            },
            {
              "name": "1042153",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042153"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
              "ID": "CVE-2018-11067",
              "STATE": "PUBLIC",
              "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.1"
                              },
                              {
                                "version_value": "7.5.0"
                              },
                              {
                                "version_value": "7.5.1"
                              },
                              {
                                "version_value": "18.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open Redirection Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
                },
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
                },
                {
                  "name": "105969",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105969"
                },
                {
                  "name": "1042153",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042153"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11067",
        "datePublished": "2018-11-26T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:11:44.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11076 (GCVE-0-2018-11076)

    Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-16 20:32
    VLAI
    Title
    Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability
    Summary
    Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Nov/50 mailing-listx_refsource_FULLDISC
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105972 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042153 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Dell EMC Avamar Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.4.0
    Affected: 7.4.1
    Create a notification for this product.
    Dell EMC Integrated Data Protection Appliance Affected: 2.0
    Create a notification for this product.
    Date Public
    2018-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Nov/50"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
              },
              {
                "name": "105972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105972"
              },
              {
                "name": "1042153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-27T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Nov/50"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            },
            {
              "name": "105972",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105972"
            },
            {
              "name": "1042153",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042153"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
              "ID": "CVE-2018-11076",
              "STATE": "PUBLIC",
              "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Nov/50"
                },
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
                },
                {
                  "name": "105972",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105972"
                },
                {
                  "name": "1042153",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042153"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11076",
        "datePublished": "2018-11-26T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:32:06.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11077 (GCVE-0-2018-11077)

    Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:06
    VLAI
    Title
    Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability
    Summary
    'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
    Severity
    No CVSS data available.
    CWE
    • Command Injection Vulnerability
    Assigner
    References
    URL Tags
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    https://seclists.org/fulldisclosure/2018/Nov/51 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/105971 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042153 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Dell EMC Avamar Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.5.0
    Affected: 7.5.1
    Affected: 18.1
    Create a notification for this product.
    Dell EMC Integrated Data Protection Appliance Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Create a notification for this product.
    Date Public
    2018-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.485Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
              },
              {
                "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Nov/51"
              },
              {
                "name": "105971",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105971"
              },
              {
                "name": "1042153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "18.1"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                }
              ]
            }
          ],
          "datePublic": "2018-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-27T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            },
            {
              "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Nov/51"
            },
            {
              "name": "105971",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105971"
            },
            {
              "name": "1042153",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042153"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
              "ID": "CVE-2018-11077",
              "STATE": "PUBLIC",
              "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.1"
                              },
                              {
                                "version_value": "7.5.0"
                              },
                              {
                                "version_value": "7.5.1"
                              },
                              {
                                "version_value": "18.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "\u0027getlogs\u0027 utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
                },
                {
                  "name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Nov/51"
                },
                {
                  "name": "105971",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105971"
                },
                {
                  "name": "1042153",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042153"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11077",
        "datePublished": "2018-11-26T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:06:58.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11066 (GCVE-0-2018-11066)

    Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:43
    VLAI
    Title
    Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability
    Summary
    Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution Vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105968 vdb-entryx_refsource_BID
    https://seclists.org/fulldisclosure/2018/Nov/49 mailing-listx_refsource_FULLDISC
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1042153 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Dell EMC Avamar Affected: 7.2.0
    Affected: 7.2.1
    Affected: 7.3.0
    Affected: 7.3.1
    Affected: 7.4.0
    Affected: 7.4.1
    Affected: 7.5.0
    Affected: 7.5.1
    Affected: 18.1
    Create a notification for this product.
    Dell EMC Integrated Data Protection Appliance Affected: 2.0
    Affected: 2.1
    Affected: 2.2
    Create a notification for this product.
    Date Public
    2018-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.502Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105968",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105968"
              },
              {
                "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
              },
              {
                "name": "1042153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Avamar",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.0"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "18.1"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                }
              ]
            }
          ],
          "datePublic": "2018-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-27T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "105968",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105968"
            },
            {
              "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            },
            {
              "name": "1042153",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042153"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
              "ID": "CVE-2018-11066",
              "STATE": "PUBLIC",
              "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Avamar",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.3.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "7.4.1"
                              },
                              {
                                "version_value": "7.5.0"
                              },
                              {
                                "version_value": "7.5.1"
                              },
                              {
                                "version_value": "18.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.1"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105968",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105968"
                },
                {
                  "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
                },
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
                },
                {
                  "name": "1042153",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042153"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11066",
        "datePublished": "2018-11-26T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:43:20.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11062 (GCVE-0-2018-11062)

    Vulnerability from cvelistv5 – Published: 2018-11-02 22:00 – Updated: 2024-09-16 18:04
    VLAI
    Title
    Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
    Summary
    Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.
    Severity
    No CVSS data available.
    CWE
    • Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
    Assigner
    References
    URL Tags
    https://seclists.org/fulldisclosure/2018/Oct/53 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/105764 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2018-10-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
              },
              {
                "name": "105764",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105764"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.3",
                  "status": "affected",
                  "version": "2.X",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-03T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
            },
            {
              "name": "105764",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105764"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-10-29T16:00:00.000Z",
              "ID": "CVE-2018-11062",
              "STATE": "PUBLIC",
              "TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "2.X",
                                "version_value": "2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named \u0027support\u0027 and \u0027admin\u0027 that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "https://seclists.org/fulldisclosure/2018/Oct/53"
                },
                {
                  "name": "105764",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105764"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11062",
        "datePublished": "2018-11-02T22:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:04:27.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11048 (GCVE-0-2018-11048)

    Vulnerability from cvelistv5 – Published: 2018-08-10 20:00 – Updated: 2024-09-17 01:56
    VLAI
    Summary
    Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.
    Severity
    No CVSS data available.
    CWE
    • XML External Entity Vulnerability
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105130 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2018/Aug/5 mailing-listx_refsource_FULLDISC
    http://www.securitytracker.com/id/1041417 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Dell EMC Data Protection Advisor Affected: 6.2
    Affected: 6.3
    Affected: 6.4 , ≤ patch B180 (custom)
    Affected: 6.5 , ≤ patch B58 (custom)
    Create a notification for this product.
    Dell EMC Integrated Data Protection Appliance Affected: 2.0
    Affected: 2.1
    Create a notification for this product.
    Date Public
    2018-08-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:36.495Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105130",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105130"
              },
              {
                "name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Aug/5"
              },
              {
                "name": "1041417",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041417"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Data Protection Advisor",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                },
                {
                  "lessThanOrEqual": "patch B180",
                  "status": "affected",
                  "version": "6.4",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "patch B58",
                  "status": "affected",
                  "version": "6.5",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Integrated Data Protection Appliance",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-08-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XML External Entity Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-24T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "105130",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105130"
            },
            {
              "name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Aug/5"
            },
            {
              "name": "1041417",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041417"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-08-03T04:00:00.000Z",
              "ID": "CVE-2018-11048",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Data Protection Advisor",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "6.2"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "6.3"
                              },
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "6.4",
                                "version_value": "patch B180"
                              },
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "6.5",
                                "version_value": "patch B58"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Integrated Data Protection Appliance",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.0"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_value": "2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XML External Entity Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105130",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105130"
                },
                {
                  "name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Aug/5"
                },
                {
                  "name": "1041417",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041417"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-11048",
        "datePublished": "2018-08-10T20:00:00.000Z",
        "dateReserved": "2018-05-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:56:30.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }