Dell Avamar SQL Injection Vulnerability Affects Server Data Security

CVE-2024-52538

7.6HIGH

Key Information

Vendor: Dell
Status: Avamar
Vendor: CVE Published:; 10 December 2024

Summary

Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Affected Version(s)

Avamar = 19.4

Avamar = 19.7

Avamar = 19.8

References

https://www.dell.com/support/kbdoc/en-us/000258636/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024
Vulnerability Reserved
Nov 12, 2024

Collectors

NVD DatabaseMitre Database

Credit

Dell would like to thank Kentaro Kawane of GMO Cybersecurity by Ierae working with Trend Micro Zero Day Initiative for reporting this issue.