18 matches found

Prion
added 2021/07/28 12:15 a.m., 10 views

Deserialization of untrusted data

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated...

CVSS 10 | AI score 9.4 | EPSS 0.1271
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2021/07/28 12:5 a.m., 13 views

CVE-2020-5341

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated...

CVSS 9.8 | AI score 9.4 | EPSS 0.1271
Exploits 0 | References 1

NVD
added 2019/09/27 9:15 p.m., 10 views

CVE-2019-3747

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users...

CVSS 8.4 | AI score 5.6 | EPSS 0.00379
Exploits 0 | References 1

Prion
added 2019/09/27 9:15 p.m., 16 views

Authentication flaw

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system...

CVSS 6.5 | AI score 8.7 | EPSS 0.00942
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2019/07/04 12:0 a.m., 1 views

The vulnerability of the Dell EMC Avamar Server backup system and the DELL EMC Integrated Data Protection system arises from the failure to take measures to eliminate special elements used in the operating system command set, allowing attackers to execute arbitrary commands with root privileges.

The vulnerability of the Dell EMC Avamar Server backup system and the DELL EMC Integrated Data Protection system exists due to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a malicious actor to execute arbitrary comman...

CVSS 9.8 | AI score 5.8 | EPSS 0.00366
Exploits 0 | References 5 | Affected Software 2

BDU FSTEC
added 2019/07/04 12:0 a.m., 1 views

The vulnerability of the Dell EMC Avamar Server backup system and the DELL EMC Integrated Data Protection system lies in the lack of protection for operational data, allowing attackers to obtain the SSL/TLS connection private keys.

The vulnerability of the Dell EMC Avamar Server backup system and the DELL EMC Integrated Data Protection Appliance lies in the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to obtain the SSL/TLS connection secrets...

CVSS 5.3 | AI score 5.5 | EPSS 0.00367
Exploits 0 | References 5 | Affected Software 2

Prion
added 2018/11/26 8:29 p.m., 20 views

Remote code execution

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could...

CVSS 10 | AI score 9.8 | EPSS 0.39834
Exploits 0 | References 4 | Affected Software 3

Prion
added 2018/11/26 8:29 p.m., 11 views

Command injection

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially...

CVSS 7.2 | AI score 7.7 | EPSS 0.00367
Exploits 0 | References 4 | Affected Software 3

Cvelist
added 2018/11/26 8:0 p.m., 19 views

CVE-2018-11076 Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance IDPA 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client...

AI score 7 | EPSS 0.00366
Exploits 0 | References 4

Cvelist
added 2018/11/26 8:0 p.m., 27 views

CVE-2018-11077 Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially...

AI score 7.8 | EPSS 0.00367
Exploits 0 | References 4

Prion
added 2018/11/02 10:29 p.m., 12 views

Default credentials

Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default...

CVSS 9 | AI score 8.6 | EPSS 0.00455
Exploits 0 | References 2 | Affected Software 1

Packet Storm
added 2018/04/10 12:0 a.m., 197 views

Dell EMC Avamar And Integrated Data Protection Appliance Invalid Access Control

Exploit Title: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability DSA-2018-025 Date: 24/11/2017 Exploit Author: SlidingWindow Vendor Homepage: https://store.Dell EMC.com/en-us/AVAMAR-PRODUCTS/Dell-DELL...

AI score 0.9 | EPSS 0.65914
Exploits 5

Prion
added 2018/04/09 8:29 p.m., 14 views

Improper access control

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local...

CVSS 5 | AI score 9.2 | EPSS 0.65914
Exploits 5 | References 3 | Affected Software 2

0day.today
added 2018/04/07 12:0 a.m., 51 views

Dell EMC Avamar / Integrated Data Protection Missing Access Control Vulnerability

The Dell EMC Avamar Installation Manager component, within Dell EMC Avamar Server and Integrated Data Protection Appliance, is affected by a missing access control vulnerability. Dell EMC Avamar Server versions 7.3.1, 7.4.1, 7.50 and Dell EMC Integrated Data Protection Appliance versions 2.0 and...

AI score 0.7 | EPSS 0.65914
Exploits 5

Prion
added 2018/01/05 5:29 p.m., 19 views

Design/Logic Flaw

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted...

CVSS 9 | AI score 8.7 | EPSS 0.01295
Exploits 0 | References 3 | Affected Software 3

Prion
added 2018/01/05 5:29 p.m., 19 views

Path traversal

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system...

CVSS 9 | AI score 8.7 | EPSS 0.01554
Exploits 0 | References 3 | Affected Software 3

Cvelist
added 2018/01/05 5:0 p.m., 23 views

CVE-2017-15549

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted...

AI score 8.8 | EPSS 0.01295
Exploits 0 | References 3

CVE
added 2018/01/05 5:0 p.m., 53 views

CVE-2017-15548

CVE-2017-15548 affects EMC/VDP solutions: vSphere Data Protection (VDP) on VMware appliances 5.x, 6.0.x, 6.1.x with an authentication bypass vulnerability that could allow a remote unauthenticated attacker to gain unauthorized root access. Related issues CVE-2017-15549 (arbitrary file upload) and...

CVSS 10 | AI score 9.6 | EPSS 0.00212
Exploits 0 | References 3 | Affected Software 3