47 matches found
Remote code execution
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could...
Open redirect
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could...
Information disclosure
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance IDPA 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client...
Command injection
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially...
CVE-2018-11076
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance IDPA 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client...
CVE-2018-11076 Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance IDPA 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client...
CVE-2018-11077 Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially...
CVE-2018-11077
CVE-2018-11077 is the information-exposure aspect of the Dell EMC Avamar/IDPA command-injection issue tracked in VDP advisories. The connected VMware VMSA-2018-0029 confirms a separate command-injection flaw in the getlogs utility that can lead to root-level command execution when an authenticate...
Dell EMC Avamar and Integrated Data Protection Appliance Information Disclosure Vulnerability
Dell EMC Avamar Server and EMC Integrated Data Protection Appliance are both products of Dell Inc. Dell EMC Avamar Server is a fully virtualized backup and recovery software for servers.EMC Integrated Data Protection Appliance is a disk-based backup and recovery solution. EMC Integrated Data...
Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability
Dell EMC Avamar Server and EMC Integrated Data Protection Appliance are both products of Dell Inc. Dell EMC Avamar Server is a fully virtualized backup and recovery software for servers.EMC Integrated Data Protection Appliance is a disk-based backup and recovery solution. EMC Integrated Data...
Default credentials
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default...
CVE-2018-11062
Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, and 2.2 contain undocumented accounts named ‘support’ and ‘admin’ protected by default passwords. These accounts have limited privileges but can access certain system files, enabling a potential attacker with knowledge of the...
Dell EMC Integrated Data Protection Appliance Unlogged Account Vulnerability
The Dell EMC Integrated Data Protection Appliance IDPA is a pre-integrated turnkey solution that is easy to deploy and scale, providing comprehensive protection for a wide range of application ecosystems. An undocumented account vulnerability exists in the Dell EMC Integrated Data Protection...
Xxe
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 contain a XML External Entity XXE Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to...
CVE-2018-11048
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 contain a XML External Entity XXE Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to...
Dell EMC Avamar And Integrated Data Protection Appliance Invalid Access Control
Exploit Title: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability DSA-2018-025 Date: 24/11/2017 Exploit Author: SlidingWindow Vendor Homepage: https://store.Dell EMC.com/en-us/AVAMAR-PRODUCTS/Dell-DELL...
Improper access control
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local...
Dell EMC Avamar / Integrated Data Protection Missing Access Control Vulnerability
The Dell EMC Avamar Installation Manager component, within Dell EMC Avamar Server and Integrated Data Protection Appliance, is affected by a missing access control vulnerability. Dell EMC Avamar Server versions 7.3.1, 7.4.1, 7.50 and Dell EMC Integrated Data Protection Appliance versions 2.0 and...
Path traversal
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system...
Authentication flaw
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized...