CVE-2024-47977SQL Injection in Dell Avamar

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGHNVD
CNA7.1
EPSS
0.2%
top 55.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell AvamarDell Avamar Server
Timeline
PublishedDec 10

Description

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5dell/avamar6 versions+5
NVDdell/avamar_server5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-hq4p-v5p6-7mf8: Dell Avamar, version(s) 192024-12-10
CVEList
CVE-2024-47977: Dell Avamar, versions prior to 192024-12-10
CVE-2024-47977 — SQL Injection in Dell Avamar | cvebase