CVE-2019-3752

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

8.2HIGH

EPSS

0.4%

top 40.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Avamar Dell EMC Avamar Server Dell EMC Integrated Data Protection Appliance

Timeline

PublishedJul 16

Latest updateMay 24

Description

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages3 packages

▶NVDdell/emc_integrated_data_protection_appliance5 versions+4

▶NVDdell/emc_avamar_server5 versions+4

▶CVEListV5dell/avamar7.4.1, 7.5.0, 7.5.1, 18.2

Patches

Patch: www.dell.com ↗Patch: www.dell.com ↗

🔴Vulnerability Details

GHSA

GHSA-pg28-353j-pr59: Dell EMC Avamar Server versions 7↗2022-05-24

▶

CVEList

CVE-2019-3752: Dell EMC Avamar Server versions 7↗2021-07-16

▶