CVE-2019-3737
Dell EMC Avamar Security Update for ADMe Web UI Vulnerability
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
*Credits:
Dell EMC would like to thank Ken Pyle from DFDR Consulting for reporting this vulnerability.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-03 CVE Reserved
- 2019-06-14 CVE Published
- 2024-09-16 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://seclists.org/fulldisclosure/2019/Jun/25 | Mailing List |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dell | Avamar Data Migration Enabler Web Interface | 1.0.50 | - | Affected |
Dell | Avamar Data Migration Enabler Web Interface | 1.0.51 | - | Affected |