CVE-2019-3765
8.1
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Summary
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | Avamar | 7.4.1 | affected |
| Dell | Avamar | 7.5.0 | affected |
| Dell | Avamar | 7.5.1 | affected |
| Dell | Avamar | 18.2 | affected |
| Dell | Avamar | 19.1 | affected |
| Dell | Integrated Data Protection Appliance | 2.0 | affected |
| Dell | Integrated Data Protection Appliance | 2.1 | affected |
| Dell | Integrated Data Protection Appliance | 2.2 | affected |
Weaknesses
- CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.