Vulnerabilities > Dell > EMC Integrated Data Protection Appliance > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-10 CVE-2021-21601 Unspecified vulnerability in Dell products
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS.
local
low complexity
dell
7.8
7.8
2021-07-16 CVE-2019-3752 XXE vulnerability in Dell products
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4.
network
low complexity
dell CWE-611
8.2
8.2
2021-02-15 CVE-2021-21511 Unspecified vulnerability in Dell products
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI.
network
low complexity
dell
8.1
8.1
2021-01-14 CVE-2020-29494 Path Traversal vulnerability in Dell products
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM.
network
low complexity
dell CWE-22
8.7
8.7
2020-04-15 CVE-2020-5350 OS Command Injection vulnerability in Dell EMC Integrated Data Protection Appliance
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component.
network
low complexity
dell CWE-78
7.2
7.2
2020-03-18 CVE-2019-3762 Improper Certificate Validation vulnerability in Dell products
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability.
network
low complexity
dell CWE-295
7.5
7.5
2019-10-09 CVE-2019-3765 Incorrect Permission Assignment for Critical Resource vulnerability in Dell products
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability.
network
low complexity
dell CWE-732
8.1
8.1
2018-11-02 CVE-2018-11062 Use of Hard-coded Credentials vulnerability in Dell EMC Integrated Data Protection Appliance 2.0/2.1/2.2
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords.
network
low complexity
dell CWE-798
8.8
8.8
2018-08-10 CVE-2018-11048 XXE vulnerability in Dell products
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API.
network
low complexity
dell CWE-611
8.1
8.1