Dell Avamar SQL Injection Vulnerability
CVE-2024-47484

9.8CRITICAL

Key Information:

Vendor: Dell
Status: Avamar
Vendor: CVE Published:; 10 December 2024

Summary

The vulnerability in Dell Avamar's 19.x versions involves improper neutralization of input elements used in SQL commands, commonly referred to as SQL injection. An attacker lacking authentication can exploit this vulnerability remotely, potentially enabling them to execute arbitrary commands on the affected system. This issue necessitates immediate attention to safeguard against unauthorized access and command execution risks.

Affected Version(s)

Avamar 19.4

Avamar 19.7

Avamar 19.8

References

https://www.dell.com/support/kbdoc/en-us/000258636/dsa-20...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024
Vulnerability Reserved
Sep 25, 2024

Credit

Dell would like to thank Kentaro Kawane of GMO Cybersecurity by Ierae working with Trend Micro Zero Day Initiative for reporting this issue.