Lucene search

[email protected]CVE-2020-29493

HistoryJan 14, 2021 - 9:15 p.m.

CVE-2020-29493

2021-01-1421:15:13

CWE-89

[email protected]

web.nvd.nist.gov

cve-2020-29493

dell emc avamar server

19.1

19.2

19.3

sql injection

remote exploitation

critical vulnerability

data leakage

data deletion

upgrade recommendation

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application’s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.

Affected configurations

NVD

Node

dellemc_avamar_serverMatch19.1

dellemc_avamar_serverMatch19.2

dellemc_avamar_serverMatch19.3

dellemc_integrated_data_protection_applianceMatch2.5

dellemc_integrated_data_protection_applianceMatch2.6

CPENameOperatorVersion
dell:emc_avamar_serverdell emc avamar servereq19.1
dell:emc_avamar_serverdell emc avamar servereq19.2
dell:emc_avamar_serverdell emc avamar servereq19.3
dell:emc_integrated_data_protection_appliancedell emc integrated data protection applianceeq2.5
dell:emc_integrated_data_protection_appliancedell emc integrated data protection applianceeq2.6

CPE	Name	Operator	Version
dell:emc_avamar_server	dell emc avamar server	eq	19.1
dell:emc_avamar_server	dell emc avamar server	eq	19.2
dell:emc_avamar_server	dell emc avamar server	eq	19.3
dell:emc_integrated_data_protection_appliance	dell emc integrated data protection appliance	eq	2.5
dell:emc_integrated_data_protection_appliance	dell emc integrated data protection appliance	eq	2.6

CNA Affected

[
  {
    "product": "Avamar",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "HF 19.1, 19.2, 19.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

Related for CVE-2020-29493

prion1 cvelist1 nvd1