Dell Emc Integrated Data Protection Appliance vulnerabilities

6 known vulnerabilities affecting dell_emc/integrated_data_protection_appliance.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2018-11066CRITICALCVSS 9.8v2.0v2.1+1 more2018-11-26
CVE-2018-11066 [CRITICAL] CVE-2018-11066: Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary
cvelistv5nvd
CVE-2018-11077MEDIUMCVSS 6.7v2.0v2.1+1 more2018-11-26
CVE-2018-11077 [MEDIUM] CWE-78 CVE-2018-11077: 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root pri
cvelistv5nvd
CVE-2018-11076MEDIUMCVSS 6.5v2.02018-11-26
CVE-2018-11076 [MEDIUM] CVE-2018-11076: Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthe
cvelistv5nvd
CVE-2018-11067MEDIUMCVSS 6.1v2.0v2.1+1 more2018-11-26
CVE-2018-11067 [MEDIUM] CWE-601 CVE-2018-11067: Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect applica
cvelistv5nvd
CVE-2018-11062HIGHCVSS 8.8≥ 2.X, < 2.32018-11-02
CVE-2018-11062 [HIGH] CWE-798 CVE-2018-11062: Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain r
cvelistv5nvd
CVE-2018-11048HIGHCVSS 8.1v2.0v2.12018-08-10
CVE-2018-11048 [HIGH] CWE-611 CVE-2018-11048: Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protectio Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause den
cvelistv5nvd