RSS   Vulnerabilities for 'Emc avamar'   RSS

2018-11-26
 
CVE-2018-11077

CWE-78
 

 
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

 
 
CVE-2018-11076

CWE-200
 

 
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

 
 
CVE-2018-11067

CWE-601
 

 
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

 
 
CVE-2018-11066

CWE-77
 

 
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.

 
2018-04-09
 
CVE-2018-1217

CWE-255
 

 
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.

 

 >>> Vendor: DELL 115 Products
Openmanage
Truemobile 1300 wlan mini-pci card util trayapplet
Truemobile 2300 wireless broadband router
3000cn
3010cn
3100cn
3110cn
5100cn
5110cn
Openmanage cd
Remote access card
Dellsystemlite.scanner activex control
Kace k2000 systems deployment appliance
Powervault ml6000 firmware
Powervault ml6000
Powervault ml6010
Powervault ml6020
Powervault ml6030
Wyse device manager
Sonicwall scrutinizer
Sonicwall scrutinizer with flow analytics module
Crowbar
Sonicwall viewpoint
Openmanage server administrator
Powerconnect 6248p
Idrac6 bmc
Idrac6 firmware
Latitude d
Latitude e
Latitude xt2
Latitude z600
Precision m
Latitude d530
Latitude d531
Latitude d630
Latitude d631
Latitude d830
Latitude e4200
Latitude e4300
Latitude e5400
Latitude e5500
Latitude e6400
Latitude e6400 atg
Latitude e6400 atg xfr
Latitude e6500
Precision m2300
Precision m2400
Precision m4300
Precision m4400
Precision m6300
Precision m6400
Precision m6500
Idrac6 monolithic
Idrac7
Idrac7 firmware
Quest one password manager
Sonicwall analyzer
Sonicwall global management system
Sonicwall universal management appliance e5000 software
Sonicwall universal management appliance e5000
Powerconnect 3348
Powerconnect 3524p
Powerconnect 5324
Kace k1000 systems management appliance software
Kace k1000 systems management virtual appliance
Kace k1000 systems management appliance
Kace k1100s systems management appliance
Kace k1200s systems management appliance
Sonicwall network security appliance 2400
Sonicwall email security
Sonicwall umaem5000
Equallogic ps4000 firmware
Idrac6 modular
Asset manager
Sonicwall sonicos
Sonicwall secure remote access firmware
Sonicwall umaem5000 firmware
Netvault backup
BIOS
Sonicwall netextender firmware
Sonicwall totalsecure tz 100 firmware
Pre-boot authentication driver
Sonicwall uma em5000 firmware
Secureworks
Km714 firmware
Km632 firmware
Idrac8 firmware
Sonicwall secure remote access server
Integrated remote access controller firmware
Storage manager 2016
Emc supportassist enterprise
Emc vmax embedded management
Emc isilon
Emc isilon onefs
Emc networker
Emc avamar
Emc integrated data protection appliance
Emc vipr srm
Emc vmax enas
Emc vnx1 operating environment
See all Products for Vendor DELL


Copyright 2019, cxsecurity.com

 

Back to Top