High

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2024-47977 | Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 7.1 | |
| CVE-2024-47484 | Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 8.2 | |
| CVE-2024-52538 | Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | 7.6 | |


| Product | Affected Versions | Remediated Versions | Link |
| --- | --- | --- | --- |
| Dell Avamar Server | Versions 19.4, 19.7, 19.8, 19.9, 19.10 & 19.10SP1 | Avamar CHF 338869 on 19.10 and 19.10SP1 | |
| Dell Avamar Data Store Gen5A, Gen4T | Versions 19.4, 19.7, 19.8, 19.9, 19.10 & 19.10SP1 | Avamar CHF 338869 on 19.10 and 19.10SP1 | |

• Please refer to KB 000242572 before installing the HF on 19.10.
• The CVEs remedied by this security update are listed. The list includes not only the new CVEs remedied by this update but also all past CVEs included in this cumulative update.
• Dell recommends that you always upgrade to the latest release/version for your product.
• To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/product-support/product/avamar/drivers

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2024-12-10 | Initial Release |
| 2.0 | 2024-12-16 | Updated the Description of CVE-2024-47977, CVE-2024-47484, CVE-2024-52538 |

Dell would like to thank Kentaro Kawane of GMO Cybersecurity by Ierae working with Trend Micro Zero Day Initiative for reporting this issue.