DSA-2021-033 Dell EMC Avamar Server Improper Authorization Vulnerability
Summary: Dell EMC Avamar Server contains remediation for an improper authorization vulnerability that may be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21511 | Dell EMC Avamar Server versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low-privileged attacker may potentially exploit this vulnerability to gain unauthorized read or modification access to other users' backup data. | 8.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Affected Products & Remediation
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2021-21511 | Dell EMC Avamar Server | 19.3 | Hotfix | 327927 |
| CVE-2021-21511 | Dell EMC Avamar Server | 19.4 | Hotfix | 329256 |
| CVE-2021-21511 | Dell EMC Integrated Data Protection Appliance (IDPA) | 2.6 | Hotfix | 327927 |
Refer to KB Article 69982: How to install an Avamar .avp hotfix using Avamar Installer (AVI) for instructions on applying the hotfix. It is recommended to schedule this activity.
Revision History
| Revision | Date | Description |
| 1.0 | 2021-02-04 | initial release |
| 1.1 | 2021-03-16 | direct link to update for version 19.4 |
Affected Products
Avamar, Avamar Server, PowerProtect Data Protection Software, PowerProtect Data Protection Hardware, Product Security Information
Article Properties
Article Number: 000182926
Article Type: Dell Security Advisory
Last Modified: 01 Nov 2021