ID

VAR-202101-0516


CVE

CVE-2020-29493


TITLE

SQL Injection vulnerability in DELL EMC Avamar Server

Trust: 0.8

sources: JVNDB: JVNDB-2020-015494

DESCRIPTION

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends that customers upgrade at the earliest opportunity. Dell EMC Avamar Server is a set of fully virtualized backup and recovery software for servers from Dell.

Trust: 1.8

sources: NVD: CVE-2020-29493 // JVNDB: JVNDB-2020-015494 // VULHUB: VHN-376197 // VULMON: CVE-2020-29493

AFFECTED PRODUCTS

vendor: dell, model: emc avamar server, scope: eq, version: 19.3

Trust: 1.0

vendor: dell, model: emc avamar server, scope: eq, version: 19.1

Trust: 1.0

vendor: dell, model: emc avamar server, scope: eq, version: 19.2

Trust: 1.0

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.6

Trust: 1.0

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.5

Trust: 1.0

vendor: デル, model: dell emc avamar server, scope: -, version: -

Trust: 0.8

vendor: デル, model: dell emc integrated data protection appliance, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015494 // NVD: CVE-2020-29493

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-29493
value: CRITICAL

Trust: 1.0

security_alert@emc.com: CVE-2020-29493
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-29493
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202101-1134
value: CRITICAL

Trust: 0.6

VULHUB: VHN-376197
value: HIGH

Trust: 0.1

VULMON: CVE-2020-29493
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-29493
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-376197
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-29493
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-29493
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2020-29493
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-376197 // VULMON: CVE-2020-29493 // JVNDB: JVNDB-2020-015494 // CNNVD: CNNVD-202101-1134 // NVD: CVE-2020-29493 // NVD: CVE-2020-29493

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.1

problemtype: SQL injection (CWE-89) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-376197 // JVNDB: JVNDB-2020-015494 // NVD: CVE-2020-29493

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1134

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1134

PATCH

title: DSA-2020-272 Dell EMC Avamar Server Security Update for Multiple Vulnerabilities
url: https://www.dell.com/support/kbdoc/ja-jp/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities

Trust: 0.8

title: Dell EMC Avamar Server SQL injection vulnerability repair measures
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139566

Trust: 0.6

sources: JVNDB: JVNDB-2020-015494 // CNNVD: CNNVD-202101-1134

EXTERNAL IDS

db: NVD, id: CVE-2020-29493

Trust: 2.6

db: JVNDB, id: JVNDB-2020-015494

Trust: 0.8

db: CNNVD, id: CNNVD-202101-1134

Trust: 0.7

db: VULHUB, id: VHN-376197

Trust: 0.1

db: VULMON, id: CVE-2020-29493

Trust: 0.1

sources: VULHUB: VHN-376197 // VULMON: CVE-2020-29493 // JVNDB: JVNDB-2020-015494 // CNNVD: CNNVD-202101-1134 // NVD: CVE-2020-29493

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-29493

Trust: 1.4

url: https://vigilance.fr/vulnerability/dell-emc-avamar-server-three-vulnerabilities-34355

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-376197 // VULMON: CVE-2020-29493 // JVNDB: JVNDB-2020-015494 // CNNVD: CNNVD-202101-1134 // NVD: CVE-2020-29493

SOURCES

db: VULHUB, id: VHN-376197
db: VULMON, id: CVE-2020-29493
db: JVNDB, id: JVNDB-2020-015494
db: CNNVD, id: CNNVD-202101-1134
db: NVD, id: CVE-2020-29493

LAST UPDATE DATE

2024-11-23T23:01:10.232000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-376197, date: 2021-01-21T00:00:00
db: VULMON, id: CVE-2020-29493, date: 2021-01-21T00:00:00
db: JVNDB, id: JVNDB-2020-015494, date: 2021-09-29T08:18:00
db: CNNVD, id: CNNVD-202101-1134, date: 2021-01-22T00:00:00
db: NVD, id: CVE-2020-29493, date: 2024-11-21T05:24:06.510

SOURCES RELEASE DATE

db: VULHUB, id: VHN-376197, date: 2021-01-14T00:00:00
db: VULMON, id: CVE-2020-29493, date: 2021-01-14T00:00:00
db: JVNDB, id: JVNDB-2020-015494, date: 2021-09-29T00:00:00
db: CNNVD, id: CNNVD-202101-1134, date: 2021-01-14T00:00:00
db: NVD, id: CVE-2020-29493, date: 2021-01-14T21:15:13.397