CVE-2021-36318

Published: Dec 21, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.

Affected (5)

Products: Dell: Emc Avamar Server

1 product

Emc Avamar Server

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Avamar Server	Version 18.2
Dell Emc Avamar Server	Version 19.1
Dell Emc Avamar Server	Version 19.2
Dell Emc Avamar Server	Version 19.3
Dell Emc Avamar Server	Version 19.4

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

https://security.gentoo.org/glsa/202210-09

Source: security_alert@emc.com

Third Party Advisory

https://www.dell.com/support/kbdoc/000193369

Source: security_alert@emc.com

PatchVendor Advisory

https://security.gentoo.org/glsa/202210-09

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.dell.com/support/kbdoc/000193369

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.