16 matches found
CVE-2019-3752
CVE-2019-3752 impacts Dell EMC Avamar Server (versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1) and Dell EMC Integrated Data Protection Appliance (IDPA) (2.0–2.4). It is an XML External Entity (XXE) Injection vulnerability allowing a remote unauthenticated attacker to cause Denial of Service or informati...
CVE-2018-1217
Dell EMC Avamar/Integrated Data Protection Appliance Installation Manager (LDLS) contains a missing access control vulnerability (CVE-2018-1217) affecting Avamar Server 7.3.1, 7.4.1, 7.5.0 and IDS/AVE Appliance 2.0/2.1. A remote unauthenticated attacker could read or modify the Local Download Ser...
CVE-2018-11066
Summary of CVE-2018-11066 : Dell EMC Avamar / IDPA products are affected by a remote code execution vulnerability. The issue affects Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, ...
CVE-2018-11067
CVE-2018-11067 is an open redirection vulnerability affecting Dell EMC Avamar Client Manager in Avamar Server (versions 7.2.x–18.1) and IDPA 2.0–2.2. An unauthenticated remote attacker could lure users to arbitrary URLs via crafted links, enabling phishing. Public records also document VMware vSp...
CVE-2018-11076
CVE-2018-11076 is disclosed in VMware vSphere Data Protection (VDP). The issue is a command-injection vulnerability in the getlogs troubleshooting utility that could let an authenticated admin execute arbitrary commands as root. Affected products/versions: VDP 6.0.x (before 6.0.9) and 6.1.x (befo...
CVE-2018-11077
CVE-2018-11077 is the information-exposure aspect of the Dell EMC Avamar/IDPA command-injection issue tracked in VDP advisories. The connected VMware VMSA-2018-0029 confirms a separate command-injection flaw in the getlogs utility that can lead to root-level command execution when an authenticate...
CVE-2020-29493
Affected product/versions: Dell EMC Avamar Server (versions 19.1, 19.2, 19.3). Vulnerability type & trend: SQL Injection in Fitness Analyzer allowing a remote unauthenticated attacker to execute SQL commands on the backend database. Impact (as stated): unauthorized read and write access to applic...
CVE-2020-29494
CVE-2020-29494 affects Dell EMC Avamar Server versions 19.1–19.3, with a Path Traversal vulnerability in PDM that could allow a remote attacker to write arbitrary files on the server filesystem, potentially deleting files. The issue is supported by multiple sources (NVD, CNVD, CVE listings) and D...
CVE-2019-3762
Affected product/versions: Dell EMC Data Protection Central 1.0, 1.0.1, 18.1, 18.2, 19.1. Root cause: Improper certificate chain of trust. Impact: Unauthenticated remote attacker could obtain a CA-signed certificate to impersonate a valid system and compromise data integrity. Remediation/public f...
CVE-2019-3765
Summary (CVE-2019-3765): Dell EMC Avamar Server (versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1) and Dell EMC Integrated Data Protection Appliance (IDPA) (versions 2.0–2.4) are affected by an Incorrect Permission Assignment for a Critical Resource vulnerability. A remote authenticated attacker could vi...
CVE-2020-29495
Dell EMC Avamar Server (versions 19.1–19.3) contains an OS Command Injection vulnerability in Fitness Analyzer. Exploitation requires remote access with no authentication and can lead to arbitrary OS commands execution on the underlying OS with high privileges, effectively risking full compromise...
CVE-2018-11048
CVE-2018-11048 affects Dell EMC Data Protection Advisor (DPA) versions 6.2, 6.3, 6.4, 6.5 and IDPA 2.0, 2.1, with a XML External Entity (XXE) Injection in the REST API. An authenticated remote attacker could read certain server files or cause a denial of service by sending crafted DTDs in XML req...
CVE-2018-11062
Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, and 2.2 contain undocumented accounts named ‘support’ and ‘admin’ protected by default passwords. These accounts have limited privileges but can access certain system files, enabling a potential attacker with knowledge of the...
CVE-2021-21511
CVE-2021-21511 affects Dell EMC Avamar Server, versions 19.3 and 19.4, with an Improper Authorization flaw in the web UI. The vulnerability allows a remote, low-privileged attacker to gain unauthorized read or modification access to other users’ backup data. The issue is rooted in insufficient ac...
CVE-2020-5350
Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0–2.4 contain a command injection vulnerability in the ACM component. A remote authenticated attacker with root privileges could pass crafted parameters to ACM APIs, enabling manipulation of passwords and execution of malicious comma...
CVE-2021-21601
CVE-2021-21601 concerns Dell EMC Data Protection Search (19.4 and earlier) and IDPA (2.6.1 and earlier). The vulnerability is described as an information exposure in a log file vulnerability within the CIS, enabling a local, low-privileged attacker to disclose certain user credentials and use the...