Vulnerabilities (CVE)

Filtered by vendor Dell Subscribe
Filtered by product Emc Integrated Data Protection Appliance
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21601 1 Dell 2 Emc Data Protection Search, Emc Integrated Data Protection Appliance 2024-11-21 2.1 LOW 8.8 HIGH
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
CVE-2021-21511 1 Dell 2 Emc Avamar Server, Emc Integrated Data Protection Appliance 2024-11-21 5.5 MEDIUM 8.1 HIGH
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.
CVE-2020-5350 1 Dell 1 Emc Integrated Data Protection Appliance 2024-11-21 9.0 HIGH 7.9 HIGH
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.
CVE-2020-29495 1 Dell 2 Emc Avamar Server, Emc Integrated Data Protection Appliance 2024-11-21 10.0 HIGH 10.0 CRITICAL
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
CVE-2020-29494 1 Dell 2 Emc Avamar Server, Emc Integrated Data Protection Appliance 2024-11-21 5.5 MEDIUM 8.7 HIGH
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
CVE-2020-29493 1 Dell 2 Emc Avamar Server, Emc Integrated Data Protection Appliance 2024-11-21 7.5 HIGH 10.0 CRITICAL
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
CVE-2019-3765 1 Dell 2 Emc Avamar Server, Emc Integrated Data Protection Appliance 2024-11-21 5.5 MEDIUM 8.1 HIGH
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.
CVE-2019-3762 1 Dell 2 Emc Data Protection Central, Emc Integrated Data Protection Appliance 2024-11-21 5.0 MEDIUM 7.5 HIGH
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.
CVE-2019-3752 1 Dell 2 Emc Avamar Server, Emc Integrated Data Protection Appliance 2024-11-21 6.4 MEDIUM 8.2 HIGH
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.
CVE-2018-1217 1 Dell 2 Emc Avamar, Emc Integrated Data Protection Appliance 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.
CVE-2018-11077 2 Dell, Vmware 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection 2024-11-21 7.2 HIGH 6.7 MEDIUM
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
CVE-2018-11076 2 Dell, Vmware 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection 2024-11-21 3.3 LOW 6.5 MEDIUM
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
CVE-2018-11067 2 Dell, Vmware 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
CVE-2018-11066 2 Dell, Vmware 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection 2024-11-21 10.0 HIGH 9.8 CRITICAL
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
CVE-2018-11062 1 Dell 1 Emc Integrated Data Protection Appliance 2024-11-21 9.0 HIGH 8.8 HIGH
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.
CVE-2018-11048 1 Dell 2 Emc Data Protection Advisor, Emc Integrated Data Protection Appliance 2024-11-21 5.5 MEDIUM 8.1 HIGH
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.