Dell Avamar Virtual Edition vulnerabilities

5 known vulnerabilities affecting dell/avamar_virtual_edition.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2025-36598MEDIUMCVSS 6.5≥ 19.8 through 19.12, < 9.12 with CHF 338905 or later2026-02-17
CVE-2025-36598 [MEDIUM] CWE-22 CVE-2025-36598: Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathnam Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to upload malicious files.
cvelistv5nvd
CVE-2026-22762MEDIUMCVSS 6.5≥ 19.9 through 19.10 SP1, < 19.10 SP1 with CHF 338912 or later2026-02-17
CVE-2026-22762 [MEDIUM] CWE-22 CVE-2026-22762: Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain a Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete.
cvelistv5nvd
CVE-2025-36597MEDIUMCVSS 4.7≥ 19.8 through 19.12, < Version 19.12 with CHF 338905 or later2026-02-17
CVE-2025-36597 [MEDIUM] CWE-22 CVE-2025-36597: Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathnam Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.
cvelistv5nvd
CVE-2025-21120MEDIUMCVSS 6.5≥ 19.8 through 19.10, < 19.10 SP1 with CHF 338904 or later2025-08-04
CVE-2025-21120 [MEDIUM] CWE-650 CVE-2025-21120: Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Meth Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
cvelistv5nvd
CVE-2020-5341CRITICALCVSS 9.8≥ unspecified, < Avamar 7.5 Virtual Edition for VMware vSphere only2021-07-28
CVE-2020-5341 [CRITICAL] CWE-502 CVE-2020-5341: Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a s
cvelistv5nvd