CVE-2019-3765

Summary

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.

Affected Software

VendorProductVersion RangeStatus
DellAvamar7.4.1affected
DellAvamar7.5.0affected
DellAvamar7.5.1affected
DellAvamar18.2affected
DellAvamar19.1affected
DellIntegrated Data Protection Appliance2.0affected
DellIntegrated Data Protection Appliance2.1affected
DellIntegrated Data Protection Appliance2.2affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

References