Dell Avamar SQL Injection Vulnerability

CVE-2024-47484

8.2HIGH

Key Information

Vendor: Dell
Status: Avamar
Vendor: CVE Published:; 10 December 2024

Summary

Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Affected Version(s)

Avamar = 19.4

Avamar = 19.7

Avamar = 19.8

References

https://www.dell.com/support/kbdoc/en-us/000258636/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024
Vulnerability Reserved
Sep 25, 2024

Collectors

NVD DatabaseMitre Database

Credit

Dell would like to thank Kentaro Kawane of GMO Cybersecurity by Ierae working with Trend Micro Zero Day Initiative for reporting this issue.