CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21601
https://notcve.org/view.php?id=CVE-2021-21601
10 Aug 2021 — Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. Dell EMC Data Protection Search, versiones 19.4 y anteriores, e IDPA, 2.6.1 y anteriores, contie... • https://www.dell.com/support/kbdoc/000189555 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 12%CPEs: 13EXPL: 0CVE-2020-5341
https://notcve.org/view.php?id=CVE-2020-5341
28 Jul 2021 — Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system. Vulnerabilidad de deserialización de datos no confiables Las versiones 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 y... • https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.2EPSS: 0%CPEs: 10EXPL: 0CVE-2019-3752
https://notcve.org/view.php?id=CVE-2019-3752
16 Jul 2021 — Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request. Dell EMC Avamar Server versiones 7.4.1, 7.5.0, 7.5.1, 18.2 y 19.1 de y ... • https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.0EPSS: 3%CPEs: 5EXPL: 0CVE-2020-5350
https://notcve.org/view.php?id=CVE-2020-5350
15 Apr 2020 — Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component. Dell EMC Integrated Data Protection Appliance versiones 2.0, 2.1, 2.2, 2.3, 2.4, contienen una vulnerabilidad de inyección de comandos en el componente ACM. Un u... • https://www.dell.com/support/security/en-us/details/542518/DSA-2020-079-Dell-EMC-Integrated-Data-Protection-Appliance-Command-Injection-Vulnerability • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-3762
https://notcve.org/view.php?id=CVE-2019-3762
18 Mar 2020 — Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data. Data Protection Central versiones 1.0, 1.0.1, 18.1, 18.2 y 19.1, contiene una vulnerabilidad de Cadena de Confianza de Certificado Inapropiada. atacante remoto no autentic... • https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability • CWE-295: Improper Certificate Validation CWE-296: Improper Following of a Certificate's Chain of Trust •
CVSS: 9.1EPSS: 2%CPEs: 15EXPL: 0CVE-2019-18582
https://notcve.org/view.php?id=CVE-2019-18582
18 Mar 2020 — Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system. Dell EMC Data Protection Advisor versi... • https://www.dell.com/support/security/en-us/details/539430/DSA-2019-155-Dell-EMC-Data-Protection-Advisor-Security-Update-for-Multiple-Vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 1%CPEs: 15EXPL: 0CVE-2019-18581
https://notcve.org/view.php?id=CVE-2019-18581
18 Mar 2020 — Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system. Dell EMC Data Protection Advisor ... • https://www.dell.com/support/security/en-us/details/539430/DSA-2019-155-Dell-EMC-Data-Protection-Advisor-Security-Update-for-Multiple-Vulnerabilities • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3765
https://notcve.org/view.php?id=CVE-2019-3765
09 Oct 2019 — Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place. Dell EMC Avamar Ser... • https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.4EPSS: 0%CPEs: 7EXPL: 0CVE-2019-3747
https://notcve.org/view.php?id=CVE-2019-3747
27 Sep 2019 — Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Dell EMC Integrated Data Protection Appliance versiones anteriores a 2.3, co... • https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2019-3746
https://notcve.org/view.php?id=CVE-2019-3746
27 Sep 2019 — Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system. Dell EMC Integrated Data Protection Appliance versiones anteriores a 2.3, no limitan el número de intentos de autenticación a la API de ACM. Un usuario remoto autenticado puede explotar esta vulnerabilidad para iniciar un ataque de ... • https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities • CWE-307: Improper Restriction of Excessive Authentication Attempts •