Dell Avamar SQL Injection Vulnerability Affects Server Data Security
CVE-2024-52538

8.8HIGH

Key Information:

Vendor: Dell
Status: Avamar
Vendor: CVE Published:; 10 December 2024

Summary

The vulnerability in Dell Avamar versions 19.x involves an improper neutralization of special elements utilized in SQL commands, leading to potential SQL injection attacks. An attacker with low privileges and remote access may exploit this vulnerability, enabling unauthorized script injection and further manipulation of the application. Organizations using affected versions of Dell Avamar should apply relevant security updates promptly to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Avamar 19.4

Avamar 19.7

Avamar 19.8

References

https://www.dell.com/support/kbdoc/en-us/000258636/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024
Vulnerability Reserved
Nov 12, 2024

Credit

Dell would like to thank Kentaro Kawane of GMO Cybersecurity by Ierae working with Trend Micro Zero Day Initiative for reporting this issue.