Vulnerabilities > Dell > EMC Avamar Server

DATE CVE VULNERABILITY TITLE RISK
2021-12-21 CVE-2021-36316 Improper Privilege Management vulnerability in Dell EMC Avamar Server
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI.
network
low complexity
dell CWE-269
7.2
7.2
2021-12-21 CVE-2021-36317 Insufficiently Protected Credentials vulnerability in Dell products
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller.
local
low complexity
dell CWE-522
6.7
6.7
2021-12-21 CVE-2021-36318 Insufficiently Protected Credentials vulnerability in Dell EMC Avamar Server
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability.
local
low complexity
dell CWE-522
6.7
6.7
2021-07-29 CVE-2020-5329 Open Redirect vulnerability in Dell EMC Avamar Server 7.3.1/7.4.1
Dell EMC Avamar Server contains an open redirect vulnerability.
network
low complexity
dell CWE-601
6.1
6.1
2021-07-28 CVE-2020-5341 Deserialization of Untrusted Data vulnerability in Dell products
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability.
network
low complexity
dell CWE-502
critical
 9.8
9.8
2021-07-16 CVE-2019-3752 XXE vulnerability in Dell products
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4.
network
low complexity
dell CWE-611
8.2
8.2
2021-02-15 CVE-2021-21511 Unspecified vulnerability in Dell products
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI.
network
low complexity
dell
8.1
8.1
2021-01-14 CVE-2020-29495 OS Command Injection vulnerability in Dell products
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer.
network
low complexity
dell CWE-78
critical
 10.0
10
2021-01-14 CVE-2020-29494 Path Traversal vulnerability in Dell products
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM.
network
low complexity
dell CWE-22
8.7
8.7
2021-01-14 CVE-2020-29493 SQL Injection vulnerability in Dell products
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer.
network
low complexity
dell CWE-89
critical
 9.8
9.8