Vulnerability Monitor

CVE-2019-3765


Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.


Published

2019-10-09T20:15:27.800

Last Modified

2024-11-21T04:42:29.283

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

8.0

Impact Score

4.9

Weaknesses
  • Type: Secondary
    CWE-732
  • Type: Primary
    CWE-732

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | dell | emc_avamar_server | 7.4.1 | Yes |
| Application | dell | emc_avamar_server | 7.5.0 | Yes |
| Application | dell | emc_avamar_server | 7.5.1 | Yes |
| Application | dell | emc_avamar_server | 18.2 | Yes |
| Application | dell | emc_avamar_server | 19.1 | Yes |
| Application | dell | emc_integrated_data_protection_appliance | ≤ 2.4 | Yes |