CVE-2018-15773

Dell Encryption (formerly Dell Data Protection/Encryption) versions 10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access could access the unencrypted RegBack folder containing backups of sensitive system files. The impact is confidentiality los...

CVE-2018-15773 Dell Encryption Enterprise \ Dell Data Protection Encryption Information Disclosure Vulnerability

Dell Encryption formerly Dell Data Protection | Encryption v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of...

A week in security (November 26 – December 2)

Last week on Malwarebytes Labs, we took a look at our cybersecurity predictions for 2019, we explained why Malwarebytes participated in AV testing and how we took part in an joint take down of massive ad fraud botnets, warned that ESTA registration websites still lurk in paid ads on Google,...

What the Marriott Breach Says About Security

We don't yet know the root causes that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause ...

VMware vSphere Data Protection 6.0.x < 6.0.9 / 6.1.x < 6.1.10 Multiple Vulnerabilities (VMSA-2018-0029)

The version of VMware vSphere Data Protection installed on the remote host is 6.0.x 6.0.9 and 6.1.x 6.1.10. It is, therefore, affected by the following vulnerabilities: - A remote command execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and...

Knuddels Flirt App Slapped with Hefty Fine After Data Breach

Germany has slapped a popular in-region dating, flirting and chat service with a €20,000 fine or around $22,667, after a hack affected more than 1.8 million accounts this summer. The Baden-Württemberg Data Protection Authority announced last week it had issued the fine, which is the country’s fir...

CVE-2018-11066

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could...

CVE-2018-11067

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could...

CVE-2018-11077

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially...

Remote code execution

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could...

Open redirect

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could...

Information disclosure

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance IDPA 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client...

Command injection

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially...

CVE-2018-11076

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance IDPA 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client...

CVE-2018-11077

CVE-2018-11077 is the information-exposure aspect of the Dell EMC Avamar/IDPA command-injection issue tracked in VDP advisories. The connected VMware VMSA-2018-0029 confirms a separate command-injection flaw in the getlogs utility that can lead to root-level command execution when an authenticate...

CVE-2018-11076 Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance IDPA 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client...

CVE-2018-11077 Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially...

How to help maintain security compliance

This is the last post in our eight-blog series on deploying Intelligent Security scenarios. To read the previous entries, check out the Deployment series page. Your employees need to access, generate, and share organizational information ranging from extremely confidential to informal; you must...

Dell EMC Avamar and Integrated Data Protection Appliance Information Disclosure Vulnerability

Dell EMC Avamar Server and EMC Integrated Data Protection Appliance are both products of Dell Inc. Dell EMC Avamar Server is a fully virtualized backup and recovery software for servers.EMC Integrated Data Protection Appliance is a disk-based backup and recovery solution. EMC Integrated Data...

Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability

Dell EMC Avamar Server and EMC Integrated Data Protection Appliance are both products of Dell Inc. Dell EMC Avamar Server is a fully virtualized backup and recovery software for servers.EMC Integrated Data Protection Appliance is a disk-based backup and recovery solution. EMC Integrated Data...