CVE-2020-29493
Published 2021-01-14
Priority: P258, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.61% (83.5th percentile)
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | avamar | >= unspecified < HF 19.1, 19.2, 19.3 | HF 19.1, 19.2, 19.3 |
| dell | emc_avamar_server | — | — |
| dell | emc_avamar_server | — | — |
| dell | emc_avamar_server | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
Detection & IOCs
- CVE-2020-29493 is a SQL Injection vulnerability in DELL EMC Avamar Server's Fitness Analyzer component, exploitable by a remote unauthenticated attacker to execute SQL commands on the backend database
- Affected versions are DELL EMC Avamar Server 19.1, 19.2, and 19.3 only; the vulnerability resides specifically in the Fitness Analyzer component
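CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |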
No detection rules found.
No public exploits indexed.
Published: 2021-01-14