ID

VAR-202102-0791


CVE

CVE-2021-21511


TITLE

Dell EMC Avamar Server Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-003838

DESCRIPTION

Dell EMC Avamar Server versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low-privileged attacker could potentially exploit this vulnerability to gain unauthorized read or modification access to other users' backup data. Dell EMC Avamar Server is a fully virtualized backup and recovery software suite for servers from Dell. An authorization issue vulnerability exists in Dell EMC Avamar Server, which originates from the lack of authentication measures or insufficient authentication strength in network systems or products.

Trust: 1.71

sources: NVD: CVE-2021-21511 // JVNDB: JVNDB-2021-003838 // VULHUB: VHN-379915

AFFECTED PRODUCTS

vendor: dell, model: emc avamar server, scope: eq, version: 19.3

Trust: 1.0

vendor: dell, model: emc avamar server, scope: eq, version: 19.4

Trust: 1.0

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.6

Trust: 1.0

vendor: デル, model: dell emc integrated data protection appliance, scope: -, version: -

Trust: 0.8

vendor: デル, model: dell emc avamar server, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003838 // NVD: CVE-2021-21511

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21511
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2021-21511
value: HIGH

Trust: 1.0

NVD: CVE-2021-21511
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202102-1030
value: HIGH

Trust: 0.6

VULHUB: VHN-379915
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21511
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-379915
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21511
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-003838
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379915 // JVNDB: JVNDB-2021-003838 // CNNVD: CNNVD-202102-1030 // NVD: CVE-2021-21511 // NVD: CVE-2021-21511

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: CWE-285

Trust: 1.0

problemtype: Bad authentication (CWE-863) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-003838 // NVD: CVE-2021-21511

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1030

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-1030

PATCH

title: DSA-2021-033
url: https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability

Trust: 0.8

title: Dell Dell EMC Avamar Server Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142336

Trust: 0.6

sources: JVNDB: JVNDB-2021-003838 // CNNVD: CNNVD-202102-1030

EXTERNAL IDS

db: NVD, id: CVE-2021-21511

Trust: 2.5

db: JVNDB, id: JVNDB-2021-003838

Trust: 0.8

db: CNNVD, id: CNNVD-202102-1030

Trust: 0.6

db: VULHUB, id: VHN-379915

Trust: 0.1

sources: VULHUB: VHN-379915 // JVNDB: JVNDB-2021-003838 // CNNVD: CNNVD-202102-1030 // NVD: CVE-2021-21511

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-21511

Trust: 1.4

url: https://vigilance.fr/vulnerability/dell-emc-avamar-server-read-write-access-via-user-backup-data-34546

Trust: 0.6

sources: VULHUB: VHN-379915 // JVNDB: JVNDB-2021-003838 // CNNVD: CNNVD-202102-1030 // NVD: CVE-2021-21511

SOURCES

db: VULHUB, id: VHN-379915
db: JVNDB, id: JVNDB-2021-003838
db: CNNVD, id: CNNVD-202102-1030
db: NVD, id: CVE-2021-21511

LAST UPDATE DATE

2024-11-23T22:20:52.624000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-379915, date: 2022-04-26T00:00:00
db: JVNDB, id: JVNDB-2021-003838, date: 2021-11-05T09:08:00
db: CNNVD, id: CNNVD-202102-1030, date: 2022-04-27T00:00:00
db: NVD, id: CVE-2021-21511, date: 2024-11-21T05:48:30.330

SOURCES RELEASE DATE

db: VULHUB, id: VHN-379915, date: 2021-02-15T00:00:00
db: JVNDB, id: JVNDB-2021-003838, date: 2021-11-05T00:00:00
db: CNNVD, id: CNNVD-202102-1030, date: 2021-02-10T00:00:00
db: NVD, id: CVE-2021-21511, date: 2021-02-15T22:15:13.897