CVE-2024-47977

Published: Dec 10, 2024Modified: Aug 4, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Affected (6)

Products: Dell: Avamar Server

Dell

1 product

Avamar Server

Configuration A

6 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dell Avamar Server	Version 19.10
Dell Avamar Server	Version 19.10 sp1
Dell Avamar Server	Version 19.4
Dell Avamar Server	Version 19.7
Dell Avamar Server	Version 19.8
Dell Avamar Server	Version 19.9

Running on/with	Platform Versions
Dell Avamar Data Store	Version gen4t
Dell Avamar Data Store	Version gen5a

Related CWEs

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (1)

https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.