DSA-2020-272 Dell EMC Avamar Server and Dell EMC Integrated Data Protection Appliance Security Update for Multiple Vulnerabilities
Dell EMC Avamar Server and Dell EMC Integrated Data Protection Appliance (IDPA) contain remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Resumen:
Dell EMC Avamar Server and Dell EMC Integrated Data Protection Appliance (IDPA) contain remediation for multiple security vulnerabilities that may be exploited by malicious users to
compromise the affected system.
...
Selecciona un producto para comprobar la relevancia del artículo
Este artículo se aplica a: Este artículo no se aplica a:
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
10.0
CVSS:3.1/ AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-29494
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user may potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
8.7
CVSS:3.1/ AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE-2020-29495
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
10.0
CVSS:3.1/ AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Proprietary Code CVE(s)
Description
CVSSBase Score
CVSS Vector String
CVE-2020-29493
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
10.0
CVSS:3.1/ AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-29494
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user may potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
8.7
CVSS:3.1/ AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE-2020-29495
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
10.0
CVSS:3.1/ AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Dell Technologies recomienda que todos los clientes tengan en cuenta la puntuación base CVSS y las puntuaciones temporales o de entorno relevantes que puedan afectar a la posible gravedad asociada a una determinada vulnerabilidad de seguridad.
Avamar, PowerProtect Data Protection Appliance, Avamar Server, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software
, Product Security Information
...
Propiedades del artículo
Número de artículo: 000181806
Tipo de artículo: Dell Security Advisory
Última modificación: 07 dic 2023
Encuentra las respuestas que necesitas con la ayuda de otros usuarios de Dell
Servicios de asistencia
Comprueba si tu dispositivo está cubierto por los servicios de asistencia.
Propiedades del artículo
Número de artículo: 000181806
Tipo de artículo: Dell Security Advisory
Última modificación: 07 dic 2023
Encuentra las respuestas que necesitas con la ayuda de otros usuarios de Dell
Servicios de asistencia
Comprueba si tu dispositivo está cubierto por los servicios de asistencia.