Dell Avamar vulnerabilities
15 known vulnerabilities affecting dell/avamar.
Total CVEs
15
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH7MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2025-21120MEDIUMCVSS 6.5v19.4v19.7+4 more2025-08-04
CVE-2025-21120 [MEDIUM] CWE-650 CVE-2025-21120: Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Meth
Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
nvd
CVE-2025-21117MEDIUMCVSS 5.5v19.4v19.7+4 more2025-02-05
CVE-2025-21117 [MEDIUM] CWE-672 CVE-2025-21117: Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low p
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user.
cvelistv5nvd
CVE-2024-47484CRITICALCVSS 9.8v19.4v19.7+4 more2024-12-10
CVE-2024-47484 [CRITICAL] CWE-89 CVE-2024-47484: Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 3388
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
cvelistv5nvd
CVE-2024-52538HIGHCVSS 8.8v19.4v19.7+4 more2024-12-10
CVE-2024-52538 [HIGH] CWE-89 CVE-2024-52538: Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 3388
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
cvelistv5nvd
CVE-2024-47977HIGHCVSS 8.8v19.4v19.7+4 more2024-12-10
CVE-2024-47977 [HIGH] CWE-89 CVE-2024-47977: Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 3388
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
cvelistv5nvd
CVE-2021-36316HIGHCVSS 7.2v18.2, 19.1, 19.2, 19.3, 19.42021-12-21
CVE-2021-36316 [HIGH] CWE-269 CVE-2021-36316: Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege manag
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI.
cvelistv5nvd
CVE-2021-36317MEDIUMCVSS 6.7v19.42021-12-21
CVE-2021-36317 [MEDIUM] CWE-256 CVE-2021-36317: Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstal
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised
cvelistv5nvd
CVE-2021-36318MEDIUMCVSS 6.7≥ unspecified, < 18.2 19.1 19.2 19.3 19.42021-12-21
CVE-2021-36318 [MEDIUM] CWE-532 CVE-2021-36318: Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerabilit
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
cvelistv5nvd
CVE-2020-5329MEDIUMCVSS 6.1v7.3.1, 7.4.12021-07-29
CVE-2020-5329 [MEDIUM] CWE-601 CVE-2020-5329: Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker ma
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
cvelistv5nvd
CVE-2019-3752HIGHCVSS 8.2v7.4.1, 7.5.0, 7.5.1, 18.22021-07-16
CVE-2019-3752 [HIGH] CWE-611 CVE-2019-3752: Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Prot
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposu
cvelistv5nvd
CVE-2021-21511HIGHCVSS 8.1v19.3, 19.42021-02-15
CVE-2021-21511 [HIGH] CWE-285 CVE-2021-21511: Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in th
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.
cvelistv5nvd
CVE-2020-29495CRITICALCVSS 10.0≥ unspecified, < HF 19.1, 19.2, 19.32021-01-14
CVE-2020-29495 [CRITICAL] CWE-22 CVE-2020-29495: DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as i
cvelistv5nvd
CVE-2020-29493CRITICALCVSS 9.8≥ unspecified, < HF 19.1, 19.2, 19.32021-01-14
CVE-2020-29493 [CRITICAL] CWE-89 CVE-2020-29493: DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitat
cvelistv5nvd
CVE-2020-29494HIGHCVSS 8.7≥ unspecified, < HF 19.1, 19.2, 19.32021-01-14
CVE-2020-29494 [HIGH] CWE-22 CVE-2020-29494: Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
cvelistv5nvd
CVE-2019-3765HIGHCVSS 8.1v7.4.1v7.5.0+3 more2019-10-09
CVE-2019-3765 [HIGH] CWE-732 CVE-2019-3765: Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Prot
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive back
cvelistv5nvd