Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
References
Link | Resource |
---|---|
https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Jan 2021, 18:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
References | (CONFIRM) https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.5:*:*:*:*:*:*:* cpe:2.3:a:dell:emc_avamar_server:19.2:*:*:*:*:*:*:* cpe:2.3:a:dell:emc_avamar_server:19.1:*:*:*:*:*:*:* cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.6:*:*:*:*:*:*:* cpe:2.3:a:dell:emc_avamar_server:19.3:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 8.7 |
14 Jan 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-14 21:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-29494
Mitre link : CVE-2020-29494
CVE.ORG link : CVE-2020-29494
JSON object : View
Products Affected
dell
- emc_integrated_data_protection_appliance
- emc_avamar_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')