cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21117,https://securityvulnerability.io/vulnerability/CVE-2025-21117,Access Token Reuse Vulnerability in Dell Avamar AUI,"Dell Avamar, starting from version 19.4, is impacted by a vulnerability in the AUI, allowing a low-privileged local attacker to potentially exploit access token reuse. This security flaw could enable attackers to impersonate legitimate users, posing a significant security risk. It is crucial for users of the affected versions to assess their security measures and apply the necessary updates to mitigate this vulnerability.",Dell,Avamar,6.6,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-05T13:10:39.190Z,0
CVE-2024-47977,https://securityvulnerability.io/vulnerability/CVE-2024-47977,Avamar SQL Injection Vulnerability Could Lead to Command Execution,"Dell Avamar versions 19.x are susceptible to an SQL injection vulnerability that allows low privileged attackers with remote access to exploit the system. This weakness arises from improper neutralization of special elements utilized in SQL commands. Successful exploitation could facilitate command execution, potentially compromising the integrity and security of the data managed by Avamar. Users are advised to apply available security updates to mitigate the risk associated with this vulnerability.",Dell,Avamar,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T10:26:54.861Z,0
CVE-2024-47484,https://securityvulnerability.io/vulnerability/CVE-2024-47484,Dell Avamar SQL Injection Vulnerability,"The vulnerability in Dell Avamar's 19.x versions involves improper neutralization of input elements used in SQL commands, commonly referred to as SQL injection. An attacker lacking authentication can exploit this vulnerability remotely, potentially enabling them to execute arbitrary commands on the affected system. This issue necessitates immediate attention to safeguard against unauthorized access and command execution risks.",Dell,Avamar,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T10:21:56.484Z,0
CVE-2024-52538,https://securityvulnerability.io/vulnerability/CVE-2024-52538,Dell Avamar SQL Injection Vulnerability Affects Server Data Security,"The vulnerability in Dell Avamar versions 19.x involves an improper neutralization of special elements utilized in SQL commands, leading to potential SQL injection attacks. An attacker with low privileges and remote access may exploit this vulnerability, enabling unauthorized script injection and further manipulation of the application. Organizations using affected versions of Dell Avamar should apply relevant security updates promptly to mitigate potential risks associated with this vulnerability.",Dell,Avamar,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T10:16:04.791Z,0
CVE-2021-36318,https://securityvulnerability.io/vulnerability/CVE-2021-36318,Plain-Text Password Storage Vulnerability in Dell EMC Avamar,"Dell EMC Avamar versions 18.2 through 19.4 have a vulnerability concerning plain-text password storage. This flaw allows a high-privileged user to potentially exploit the vulnerability, which could result in a complete outage of the system. Organizations using these versions should prioritize updating to secure their data and prevent unauthorized access.",Dell,Avamar,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-12-21T17:15:00.000Z,0
CVE-2021-36317,https://securityvulnerability.io/vulnerability/CVE-2021-36317,Password Storage Weakness in Dell EMC Avamar Server,"Dell EMC Avamar Server version 19.4 has a weakness in how it handles password storage within AvInstaller, allowing local attackers to exploit this flaw. By leveraging this vulnerability, attackers may gain access to sensitive user credentials stored in plain text. This exposure can lead to the unauthorized use of those credentials, enabling the attacker to operate with the same privileges as the compromised accounts.",Dell,Avamar,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-12-21T17:15:00.000Z,0
CVE-2021-36316,https://securityvulnerability.io/vulnerability/CVE-2021-36316,Improper Privilege Management in Dell EMC Avamar Server AUI,"Dell EMC Avamar Server versions 18.2 through 19.4 are impacted by an improper privilege management vulnerability affecting the Administrative User Interface (AUI). A malicious actor with elevated privileges could exploit this flaw, enabling unauthorized access to sensitive AUI information and the ability to conduct unauthorized operations, potentially compromising the integrity of the system.",Dell,Avamar,6.7,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-12-21T17:15:00.000Z,0
CVE-2020-5329,https://securityvulnerability.io/vulnerability/CVE-2020-5329,Open Redirect Vulnerability in Dell EMC Avamar Server,"The Dell EMC Avamar Server is susceptible to an open redirect vulnerability that allows a remote unauthenticated attacker to redirect users to arbitrary URLs. By crafting malicious links, attackers can trick victims into clicking on these links, leading them to potentially harmful websites. This vulnerability emphasizes the importance of secure coding practices to prevent unauthorized redirection and protect users from phishing and other security threats.",Dell,Avamar,6.1,MEDIUM,0.001230000052601099,false,,false,false,false,,,false,false,,2021-07-29T16:15:00.000Z,0
CVE-2020-5341,https://securityvulnerability.io/vulnerability/CVE-2020-5341,Deserialization of Untrusted Data Vulnerability in Dell EMC Avamar Server and Integrated Data Protection Appliance,"A deserialization of untrusted data vulnerability exists in specific versions of Dell EMC Avamar Server and Integrated Data Protection Appliance. This security issue allows a remote unauthenticated attacker to exploit the vulnerability by sending a crafted serialized payload, which could lead to unauthorized code execution on the affected systems. Organizations using these products should take immediate steps to apply the necessary patches to mitigate potential risks.",Dell,Avamar Virtual Edition,9.8,CRITICAL,0.0037899999879300594,false,,false,false,false,,,false,false,,2021-07-28T00:15:00.000Z,0
CVE-2019-3752,https://securityvulnerability.io/vulnerability/CVE-2019-3752,,"Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.",Dell,Avamar,8.2,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2021-07-16T22:15:00.000Z,0
CVE-2021-21511,https://securityvulnerability.io/vulnerability/CVE-2021-21511,,"Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.",Dell,Avamar,8.1,HIGH,0.002420000033453107,false,,false,false,false,,,false,false,,2021-02-15T22:15:00.000Z,0
CVE-2020-29493,https://securityvulnerability.io/vulnerability/CVE-2020-29493,,"DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.",Dell,Avamar,10,CRITICAL,0.0013099999632686377,false,,false,false,false,,,false,false,,2021-01-14T21:15:00.000Z,0
CVE-2020-29494,https://securityvulnerability.io/vulnerability/CVE-2020-29494,,"Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.",Dell,Avamar,8.7,HIGH,0.0012199999764561653,false,,false,false,false,,,false,false,,2021-01-14T21:15:00.000Z,0
CVE-2020-29495,https://securityvulnerability.io/vulnerability/CVE-2020-29495,,"DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.",Dell,Avamar,10,CRITICAL,0.0029700000304728746,false,,false,false,false,,,false,false,,2021-01-14T21:15:00.000Z,0
CVE-2019-3765,https://securityvulnerability.io/vulnerability/CVE-2019-3765,,"Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.",Dell,"Avamar,Integrated Data Protection Appliance",8.1,HIGH,0.0019199999514967203,false,,false,false,false,,,false,false,,2019-10-09T20:15:00.000Z,0
CVE-2019-3737,https://securityvulnerability.io/vulnerability/CVE-2019-3737,Dell EMC Avamar Security Update for ADMe Web UI Vulnerability,Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.,Dell,Avamar,8.6,HIGH,0.0017999999690800905,false,,false,false,false,,,false,false,,2019-06-19T23:15:00.000Z,0
CVE-2018-11066,https://securityvulnerability.io/vulnerability/CVE-2018-11066,Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability,"Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.",Dell,"Avamar,Integrated Data Protection Appliance",9.8,CRITICAL,0.02775000035762787,false,,false,false,false,,,false,false,,2018-11-26T20:29:00.000Z,0
CVE-2018-11076,https://securityvulnerability.io/vulnerability/CVE-2018-11076,Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability,"Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.",Dell,"Avamar,Integrated Data Protection Appliance",6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2018-11-26T20:29:00.000Z,0
CVE-2018-11067,https://securityvulnerability.io/vulnerability/CVE-2018-11067,Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability,"Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.",Dell,"Avamar,Integrated Data Protection Appliance",6.1,MEDIUM,0.0016400000313296914,false,,false,false,false,,,false,false,,2018-11-26T20:29:00.000Z,0
CVE-2018-11077,https://securityvulnerability.io/vulnerability/CVE-2018-11077,Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability,"'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.",Dell,"Avamar,Integrated Data Protection Appliance",6.7,MEDIUM,0.0034799999557435513,false,,false,false,false,,,false,false,,2018-11-26T20:29:00.000Z,0
CVE-2018-1217,https://securityvulnerability.io/vulnerability/CVE-2018-1217,,"Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.",Dell,"Avamar, Integrated Data Protection Appliance",9.8,CRITICAL,0.3868800103664398,false,,false,false,false,,,false,false,,2018-04-09T20:29:00.000Z,0