CVE-2020-29493

CWE-89: SQL Injection | 3 documents | 3 sources
Severity
9.8 CRITICAL
EPSS
5.8%
top 9.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 14
Latest update: May 24

Description

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earlies

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0

Affected Packages (3 packages)

NVD | dell/emc_avamar_server | 19.1, 19.2, 19.3 +2
CVEListV5 | dell/avamar | unspecified | HF 19.1, 19.2, 19.3

Patches

Vulnerability Details (2)

GHSA
GHSA-xmm8-v82g-957c: DELL EMC Avamar Server, versions 19 | 2022-05-24
CVEList
CVE-2020-29493: DELL EMC Avamar Server, versions 19 | 2021-01-14