Dell Emc Avamar Server vulnerabilities
11 known vulnerabilities affecting dell/emc_avamar_server.
Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH5MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2021-36316HIGHCVSS 7.2v18.2v19.1+3 more2021-12-21
CVE-2021-36316 [HIGH] CWE-269 CVE-2021-36316: Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege manag
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI.
nvd
CVE-2021-36318MEDIUMCVSS 6.7v18.2v19.1+3 more2021-12-21
CVE-2021-36318 [MEDIUM] CWE-532 CVE-2021-36318: Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerabilit
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
nvd
CVE-2021-36317MEDIUMCVSS 6.7v19.42021-12-21
CVE-2021-36317 [MEDIUM] CWE-256 CVE-2021-36317: Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstal
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised
nvd
CVE-2020-5329MEDIUMCVSS 6.1v7.3.1v7.4.12021-07-29
CVE-2020-5329 [MEDIUM] CWE-601 CVE-2020-5329: Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker ma
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
nvd
CVE-2020-5341CRITICALCVSS 9.8v7.4.1v7.5.0+5 more2021-07-28
CVE-2020-5341 [CRITICAL] CWE-502 CVE-2020-5341: Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1,
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a s
nvd
CVE-2019-3752HIGHCVSS 8.2v7.4.1v7.5.0+3 more2021-07-16
CVE-2019-3752 [HIGH] CWE-611 CVE-2019-3752: Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Prot
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposu
nvd
CVE-2021-21511HIGHCVSS 8.1v19.3v19.42021-02-15
CVE-2021-21511 [HIGH] CWE-285 CVE-2021-21511: Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in th
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.
nvd
CVE-2020-29495CRITICALCVSS 10.0v19.1v19.2+1 more2021-01-14
CVE-2020-29495 [CRITICAL] CWE-22 CVE-2020-29495: DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as i
nvd
CVE-2020-29493CRITICALCVSS 9.8v19.1v19.2+1 more2021-01-14
CVE-2020-29493 [CRITICAL] CWE-89 CVE-2020-29493: DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitat
nvd
CVE-2020-29494HIGHCVSS 8.7v19.1v19.2+1 more2021-01-14
CVE-2020-29494 [HIGH] CWE-22 CVE-2020-29494: Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
nvd
CVE-2019-3765HIGHCVSS 8.1v7.4.1v7.5.0+3 more2019-10-09
CVE-2019-3765 [HIGH] CWE-732 CVE-2019-3765: Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Prot
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive back
nvd