Details of VAR-202107-0409

ID

VAR-202107-0409

CVE

CVE-2020-5329

TITLE

DELL Dell EMC Avamar Server Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202002-1248

DESCRIPTION

Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.08

sources: NVD: CVE-2020-5329 // VULHUB: VHN-183454 // VULMON: CVE-2020-5329

AFFECTED PRODUCTS

vendor:	dell	model:	emc avamar server	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	dell	model:	emc avamar server	scope:	eq	version:	7.3.1	Trust: 1.0

sources: NVD: CVE-2020-5329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5329
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2020-5329
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202002-1248
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-183454
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-5329
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-5329
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-183454
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5329
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2020-5329
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-183454 // VULMON: CVE-2020-5329 // CNNVD: CNNVD-202002-1248 // NVD: CVE-2020-5329 // NVD: CVE-2020-5329

PROBLEMTYPE DATA

problemtype:

CWE-601

Trust: 1.1

sources: VULHUB: VHN-183454 // NVD: CVE-2020-5329

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1248

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-1248

PATCH

title:

Dell EMC Avamar Server Enter the fix for the verification error vulnerability

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110613

Trust: 0.6

sources: CNNVD: CNNVD-202002-1248

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5329	Trust: 1.8
db:	CNNVD	id:	CNNVD-202002-1248	Trust: 0.7
db:	VULHUB	id:	VHN-183454	Trust: 0.1
db:	VULMON	id:	CVE-2020-5329	Trust: 0.1

sources: VULHUB: VHN-183454 // VULMON: CVE-2020-5329 // CNNVD: CNNVD-202002-1248 // NVD: CVE-2020-5329

REFERENCES

url:	https://www.dell.com/support/security/en-us/details/541529/dsa-2020-046-dell-emc-avamar-server-open-redirect-vulnerability	Trust: 1.8
url:	https://vigilance.fr/vulnerability/dell-emc-avamar-server-open-redirect-31680	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/601.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-183454 // VULMON: CVE-2020-5329 // CNNVD: CNNVD-202002-1248 // NVD: CVE-2020-5329

SOURCES

db:	VULHUB	id:	VHN-183454
db:	VULMON	id:	CVE-2020-5329
db:	CNNVD	id:	CNNVD-202002-1248
db:	NVD	id:	CVE-2020-5329

LAST UPDATE DATE

2024-08-14T14:31:41.411000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-183454	date:	2021-08-06T00:00:00
db:	VULMON	id:	CVE-2020-5329	date:	2021-08-06T00:00:00
db:	CNNVD	id:	CNNVD-202002-1248	date:	2021-08-09T00:00:00
db:	NVD	id:	CVE-2020-5329	date:	2021-08-06T13:28:49.123

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-183454	date:	2021-07-29T00:00:00
db:	VULMON	id:	CVE-2020-5329	date:	2021-07-29T00:00:00
db:	CNNVD	id:	CNNVD-202002-1248	date:	2020-02-26T00:00:00
db:	NVD	id:	CVE-2020-5329	date:	2021-07-29T16:15:08.527