Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
References
Link | Resource |
---|---|
https://security.gentoo.org/glsa/202210-09 | Third Party Advisory |
https://www.dell.com/support/kbdoc/000193369 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2022, 18:59
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202210-09 - Third Party Advisory | |
CWE | CWE-522 |
16 Oct 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jan 2022, 18:05
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://www.dell.com/support/kbdoc/000193369 - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:dell:emc_avamar_server:19.4:*:*:*:*:*:*:* cpe:2.3:a:dell:emc_powerprotect_data_protection_appliance:2.7:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 6.7 |
21 Dec 2021, 17:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-21 17:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-36317
Mitre link : CVE-2021-36317
CVE.ORG link : CVE-2021-36317
JSON object : View
Products Affected
dell
- emc_avamar_server
- emc_powerprotect_data_protection_appliance