CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21117
https://notcve.org/view.php?id=CVE-2025-21117
05 Feb 2025 — Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user. • https://www.dell.com/support/kbdoc/en-us/000281275/dsa-2025-071-security-update-for-dell-avamar-for-multiple-component-vulnerabilities • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47977 – Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47977
10 Dec 2024 — Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to C... • https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47484 – Dell Avamar Web Restore Login Action SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47484
10 Dec 2024 — Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading ... • https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-52538 – Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-52538
10 Dec 2024 — Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Sc... • https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2021-36318 – Gentoo Linux Security Advisory 202210-09
https://notcve.org/view.php?id=CVE-2021-36318
21 Dec 2021 — Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. Dell EMC Avamar versiones 18.2,19.1,19.2,19.3,19.4, contienen una vulnerabilidad de almacenamiento de contraseñas en texto plano. Un usuario con muchos privilegios podría explotar esta vulnerabilidad, conllevando a una interrupción completa Multiple vulnerabilities have been discovered in Rust, the worst of w... • https://security.gentoo.org/glsa/202210-09 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36317 – Gentoo Linux Security Advisory 202210-09
https://notcve.org/view.php?id=CVE-2021-36317
21 Dec 2021 — Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC Avamar Server versión 19.4, contiene una vulnerabilidad de almacenamiento de contraseñas de texto plano en AvInstaller. Un atacante local podrí... • https://security.gentoo.org/glsa/202210-09 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2021-36316
https://notcve.org/view.php?id=CVE-2021-36316
21 Dec 2021 — Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI. Dell EMC Avamar Server versiones 18.2, 19.1, 19.2, 19.3 y 19.4, contienen una vulnerabilidad de administración de privilegios inapropiada en AUI. Un usuario malicioso con altos privilegios podría explota... • https://www.dell.com/support/kbdoc/000193369 • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21511
https://notcve.org/view.php?id=CVE-2021-21511
15 Feb 2021 — Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data. Dell EMC Avamar Server, versiones 19.3 y 19.4, contienen una vulnerabilidad de Autorización Inapropiada en la Interfaz de Usuario web. Un atacante remoto con pocos privilegios podría aprovechar esta vulnerabilidad para obtener acceso no aut... • https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability • CWE-285: Improper Authorization •