Description
Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low
Affected products
- Dell / Avamar Server19.8 through 19.10 – 19.10 SP1 with CHF 338904 or later
- Dell / Avamar Virtual Edition19.8 through 19.10 – 19.10 SP1 with CHF 338904 or later