CVE-2021-21511Improper Authorization in Dell Avamar

CWE-285Improper AuthorizationCWE-863Incorrect Authorization3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.1%
top 64.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Dell AvamarDell EMC Avamar ServerDell EMC Integrated Data Protection Appliance
Timeline
PublishedFeb 15
Latest updateMay 24

Description

Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

NVDdell/emc_avamar_server19.3, 19.4+1
CVEListV5dell/avamar19.3, 19.4

🔴Vulnerability Details

2
GHSA
GHSA-2gr2-xjj5-q4ff: Dell EMC Avamar Server, versions 192022-05-24
CVEList
CVE-2021-21511: Dell EMC Avamar Server, versions 192021-02-15
CVE-2021-21511 — Improper Authorization in Dell Avamar | cvebase