CVSS: 10.0EPSS: 12%CPEs: 13EXPL: 0CVE-2020-5341
https://notcve.org/view.php?id=CVE-2020-5341
28 Jul 2021 — Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system. Vulnerabilidad de deserialización de datos no confiables Las versiones 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 y... • https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1EPSS: 2%CPEs: 15EXPL: 0CVE-2019-18582
https://notcve.org/view.php?id=CVE-2019-18582
18 Mar 2020 — Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system. Dell EMC Data Protection Advisor versi... • https://www.dell.com/support/security/en-us/details/539430/DSA-2019-155-Dell-EMC-Data-Protection-Advisor-Security-Update-for-Multiple-Vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 1%CPEs: 15EXPL: 0CVE-2019-18581
https://notcve.org/view.php?id=CVE-2019-18581
18 Mar 2020 — Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system. Dell EMC Data Protection Advisor ... • https://www.dell.com/support/security/en-us/details/539430/DSA-2019-155-Dell-EMC-Data-Protection-Advisor-Security-Update-for-Multiple-Vulnerabilities • CWE-862: Missing Authorization •