CVE-2021-36316

Published: Dec 21, 2021Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI.

Affected (5)

Products: Dell: Emc Avamar Server

Dell

1 product

Emc Avamar Server

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Avamar Server	Version 18.2
Dell Emc Avamar Server	Version 19.1
Dell Emc Avamar Server	Version 19.2
Dell Emc Avamar Server	Version 19.3
Dell Emc Avamar Server	Version 19.4

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.dell.com/support/kbdoc/000193369

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/000193369

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.