CVE-2024-47977 – Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47977
Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar.
• https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-47484 – Dell Avamar Web Restore Login Action SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47484
Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar.
• https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-52538 – Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-52538
Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar.
• https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-36318
https://notcve.org/view.php?id=CVE-2021-36318
Dell EMC Avamar versions 18.2, 19.1, 19.2, 19.3, 19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
• https://security.gentoo.org/glsa/202210-09
• https://www.dell.com/support/kbdoc/000193369
• CWE-522: Insufficiently Protected Credentials
• CWE-532: Insertion of Sensitive Information into Log File
CVE-2021-36317
https://notcve.org/view.php?id=CVE-2021-36317
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
• https://security.gentoo.org/glsa/202210-09
• https://www.dell.com/support/kbdoc/000193369
• CWE-256: Plaintext Storage of a Password
• CWE-522: Insufficiently Protected Credentials