CVE-2019-3737 — Path Traversal in EMC Avamar

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 38.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Avamar Dell Avamar Data Migration Enabler WEB Interface

Timeline

PublishedJun 19

Latest updateMay 24

Description

Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDdell/avamar_data_migration_enabler_web_interface1.0.50, 1.0.51+1

▶CVEListV5dell_emc/avamarADMe Web UI 1.0.50, ADMe Web UI 1.0.51+1

🔴Vulnerability Details

GHSA

GHSA-p4r9-w473-78rf: Dell EMC Avamar ADMe Web Interface 1↗2022-05-24

▶

CVEList

Dell EMC Avamar Security Update for ADMe Web UI Vulnerability↗2019-06-19

▶