CVE-2021-36317

Published: Dec 21, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Affected (2)

Products: Dell: Emc Avamar Server, Emc Powerprotect Data Protection Appliance

2 products

Emc Avamar Server

Emc Powerprotect Data Protection Appliance

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Avamar Server	Version 19.4
Dell Emc Powerprotect Data Protection Appliance	Version 2.7

Related CWEs

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

https://security.gentoo.org/glsa/202210-09

Source: security_alert@emc.com

Third Party Advisory

https://www.dell.com/support/kbdoc/000193369

Source: security_alert@emc.com

PatchVendor Advisory

https://security.gentoo.org/glsa/202210-09

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.dell.com/support/kbdoc/000193369

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.