Lucene search
+L
DellEmc Integrated Data Protection Appliance

16 matches found

CVE
CVE
added 2021/07/16 9:20 p.m.205 views

CVE-2019-3752

CVE-2019-3752 impacts Dell EMC Avamar Server (versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1) and Dell EMC Integrated Data Protection Appliance (IDPA) (2.0–2.4). It is an XML External Entity (XXE) Injection vulnerability allowing a remote unauthenticated attacker to cause Denial of Service or informati...

8.2CVSS8.1AI score0.00977EPSS
CVE
CVE
added 2018/04/09 8:0 p.m.80 views

CVE-2018-1217

Dell EMC Avamar/Integrated Data Protection Appliance Installation Manager (LDLS) contains a missing access control vulnerability (CVE-2018-1217) affecting Avamar Server 7.3.1, 7.4.1, 7.5.0 and IDS/AVE Appliance 2.0/2.1. A remote unauthenticated attacker could read or modify the Local Download Ser...

9.8CVSS9.2AI score0.46642EPSS
In wildWeb
CVE
CVE
added 2018/11/26 8:0 p.m.69 views

CVE-2018-11066

Summary of CVE-2018-11066 : Dell EMC Avamar / IDPA products are affected by a remote code execution vulnerability. The issue affects Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, ...

10CVSS10AI score0.09906EPSS
CVE
CVE
added 2018/11/26 8:0 p.m.66 views

CVE-2018-11067

CVE-2018-11067 is an open redirection vulnerability affecting Dell EMC Avamar Client Manager in Avamar Server (versions 7.2.x–18.1) and IDPA 2.0–2.2. An unauthenticated remote attacker could lure users to arbitrary URLs via crafted links, enabling phishing. Public records also document VMware vSp...

6.1CVSS7.7AI score0.01811EPSS
CVE
CVE
added 2018/11/26 8:0 p.m.66 views

CVE-2018-11076

CVE-2018-11076 is disclosed in VMware vSphere Data Protection (VDP). The issue is a command-injection vulnerability in the getlogs troubleshooting utility that could let an authenticated admin execute arbitrary commands as root. Affected products/versions: VDP 6.0.x (before 6.0.9) and 6.1.x (befo...

6.5CVSS7AI score0.00834EPSS
CVE
CVE
added 2018/11/26 8:0 p.m.63 views

CVE-2018-11077

CVE-2018-11077 is the information-exposure aspect of the Dell EMC Avamar/IDPA command-injection issue tracked in VDP advisories. The connected VMware VMSA-2018-0029 confirms a separate command-injection flaw in the getlogs utility that can lead to root-level command execution when an authenticate...

7.2CVSS7.8AI score0.01005EPSS
CVE
CVE
added 2021/01/14 9:10 p.m.63 views

CVE-2020-29493

Affected product/versions: Dell EMC Avamar Server (versions 19.1, 19.2, 19.3). Vulnerability type & trend: SQL Injection in Fitness Analyzer allowing a remote unauthenticated attacker to execute SQL commands on the backend database. Impact (as stated): unauthorized read and write access to applic...

10CVSS9.7AI score0.02611EPSS
CVE
CVE
added 2021/01/14 9:10 p.m.63 views

CVE-2020-29494

CVE-2020-29494 affects Dell EMC Avamar Server versions 19.1–19.3, with a Path Traversal vulnerability in PDM that could allow a remote attacker to write arbitrary files on the server filesystem, potentially deleting files. The issue is supported by multiple sources (NVD, CNVD, CVE listings) and D...

8.7CVSS8.5AI score0.0168EPSS
CVE
CVE
added 2020/03/18 6:20 p.m.62 views

CVE-2019-3762

Affected product/versions: Dell EMC Data Protection Central 1.0, 1.0.1, 18.1, 18.2, 19.1. Root cause: Improper certificate chain of trust. Impact: Unauthenticated remote attacker could obtain a CA-signed certificate to impersonate a valid system and compromise data integrity. Remediation/public f...

7.5CVSS7.4AI score0.00648EPSS
CVE
CVE
added 2019/10/09 7:20 p.m.59 views

CVE-2019-3765

Summary (CVE-2019-3765): Dell EMC Avamar Server (versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1) and Dell EMC Integrated Data Protection Appliance (IDPA) (versions 2.0–2.4) are affected by an Incorrect Permission Assignment for a Critical Resource vulnerability. A remote authenticated attacker could vi...

8.1CVSS7.6AI score0.01135EPSS
CVE
CVE
added 2021/01/14 9:10 p.m.58 views

CVE-2020-29495

Dell EMC Avamar Server (versions 19.1–19.3) contains an OS Command Injection vulnerability in Fitness Analyzer. Exploitation requires remote access with no authentication and can lead to arbitrary OS commands execution on the underlying OS with high privileges, effectively risking full compromise...

10CVSS9.7AI score0.06158EPSS
CVE
CVE
added 2018/08/10 8:0 p.m.56 views

CVE-2018-11048

CVE-2018-11048 affects Dell EMC Data Protection Advisor (DPA) versions 6.2, 6.3, 6.4, 6.5 and IDPA 2.0, 2.1, with a XML External Entity (XXE) Injection in the REST API. An authenticated remote attacker could read certain server files or cause a denial of service by sending crafted DTDs in XML req...

8.1CVSS7.9AI score0.02091EPSS
CVE
CVE
added 2018/11/02 10:0 p.m.52 views

CVE-2018-11062

Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, and 2.2 contain undocumented accounts named ‘support’ and ‘admin’ protected by default passwords. These accounts have limited privileges but can access certain system files, enabling a potential attacker with knowledge of the...

9CVSS8.7AI score0.01769EPSS
CVE
CVE
added 2021/02/15 10:10 p.m.47 views

CVE-2021-21511

CVE-2021-21511 affects Dell EMC Avamar Server, versions 19.3 and 19.4, with an Improper Authorization flaw in the web UI. The vulnerability allows a remote, low-privileged attacker to gain unauthorized read or modification access to other users’ backup data. The issue is rooted in insufficient ac...

8.1CVSS7.9AI score0.01007EPSS
CVE
CVE
added 2020/04/15 6:0 p.m.46 views

CVE-2020-5350

Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0–2.4 contain a command injection vulnerability in the ACM component. A remote authenticated attacker with root privileges could pass crafted parameters to ACM APIs, enabling manipulation of passwords and execution of malicious comma...

9CVSS7AI score0.01975EPSS
CVE
CVE
added 2021/08/10 7:5 p.m.44 views

CVE-2021-21601

CVE-2021-21601 concerns Dell EMC Data Protection Search (19.4 and earlier) and IDPA (2.6.1 and earlier). The vulnerability is described as an information exposure in a log file vulnerability within the CIS, enabling a local, low-privileged attacker to disclose certain user credentials and use the...

8.8CVSS7.1AI score0.00239EPSS