CVE-2019-3765 — Incorrect Permission Assignment in Dell EMC Integrated Data Protection Appliance

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

8.1HIGHNVD

EPSS

0.2%

top 59.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Integrated Data Protection Appliance Dell Avamar Dell Integrated Data Protection Appliance +1 more

Timeline

PublishedOct 9

Latest updateMay 24

Description

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

▶NVDdell/emc_integrated_data_protection_appliance2.0 — 2.4

▶CVEListV5dell/integrated_data_protection_appliance2.0, 2.1, 2.2+2

▶NVDdell/emc_avamar_server5 versions+4

▶CVEListV5dell/avamar5 versions+4

🔴Vulnerability Details

GHSA

GHSA-234q-j3p6-pgvr: Dell EMC Avamar Server versions 7↗2022-05-24

▶

CVEList

CVE-2019-3765: Dell EMC Avamar Server versions 7↗2019-10-09

▶