Dell Emc Integrated Data Protection Appliance Firmware vulnerabilities
6 known vulnerabilities affecting dell/emc_integrated_data_protection_appliance_firmware.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2020-5341CRITICALCVSS 9.8v2.0v2.1+4 more2021-07-28
CVE-2020-5341 [CRITICAL] CWE-502 CVE-2020-5341: Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1,
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a s
nvd
CVE-2019-18582HIGHCVSS 7.2v2.0v2.1+3 more2020-03-18
CVE-2019-18582 [HIGH] CWE-94 CVE-2019-18582: Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 v
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation script
nvd
CVE-2019-18581HIGHCVSS 7.2v2.0v2.1+3 more2020-03-18
CVE-2019-18581 [HIGH] CWE-862 CVE-2019-18581: Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 v
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of
nvd
CVE-2019-3736HIGHCVSS 7.2v2.0v2.1+1 more2019-09-27
CVE-2019-3736 [HIGH] CWE-257 CVE-2019-3736: Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulne
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compr
nvd
CVE-2019-3746HIGHCVSS 8.8v2.0v2.1+1 more2019-09-27
CVE-2019-3746 [HIGH] CWE-307 CVE-2019-3746: Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authe
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.
nvd
CVE-2019-3747MEDIUMCVSS 4.8v2.0v2.1+1 more2019-09-27
CVE-2019-3747 [MEDIUM] CWE-79 CVE-2019-3747: Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scri
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code g
nvd