Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for avamar_data_migration_enabler_web_interface by dell
CVE-2019-3737 (GCVE-0-2019-3737)
Vulnerability from cvelistv5 – Published: 2019-06-19 22:28 – Updated: 2024-09-16 19:50
VLAI
Title
Dell EMC Avamar Security Update for ADMe Web UI Vulnerability
Summary
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
Severity
8.6 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2019/Jun/25 | x_refsource_MISC |
Impacted products
Date Public
2019-06-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2019/Jun/25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "ADMe Web UI 1.0.50"
},
{
"status": "affected",
"version": "ADMe Web UI 1.0.51"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dell EMC would like to thank Ken Pyle from DFDR Consulting for reporting this vulnerability."
}
],
"datePublic": "2019-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-19T22:28:07.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2019/Jun/25"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar Security Update for ADMe Web UI Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-06-14T04:00:00.000Z",
"ID": "CVE-2019-3737",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar Security Update for ADMe Web UI Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "ADMe Web UI",
"version_value": "1.0.50"
},
{
"version_affected": "=",
"version_name": "ADMe Web UI",
"version_value": "1.0.51"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dell EMC would like to thank Ken Pyle from DFDR Consulting for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2019/Jun/25",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Jun/25"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3737",
"datePublished": "2019-06-19T22:28:07.263Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:50:59.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3737 (GCVE-0-2019-3737)
Vulnerability from nvd – Published: 2019-06-19 22:28 – Updated: 2024-09-16 19:50
VLAI
Title
Dell EMC Avamar Security Update for ADMe Web UI Vulnerability
Summary
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
Severity
8.6 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2019/Jun/25 | x_refsource_MISC |
Impacted products
Date Public
2019-06-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2019/Jun/25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Avamar",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "ADMe Web UI 1.0.50"
},
{
"status": "affected",
"version": "ADMe Web UI 1.0.51"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dell EMC would like to thank Ken Pyle from DFDR Consulting for reporting this vulnerability."
}
],
"datePublic": "2019-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-19T22:28:07.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2019/Jun/25"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC Avamar Security Update for ADMe Web UI Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-06-14T04:00:00.000Z",
"ID": "CVE-2019-3737",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar Security Update for ADMe Web UI Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "ADMe Web UI",
"version_value": "1.0.50"
},
{
"version_affected": "=",
"version_name": "ADMe Web UI",
"version_value": "1.0.51"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dell EMC would like to thank Ken Pyle from DFDR Consulting for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2019/Jun/25",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Jun/25"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3737",
"datePublished": "2019-06-19T22:28:07.263Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:50:59.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}