DSA-2024-489: Security update for Dell Avamar and Dell Avamar Virtual Edition Multiple Vulnerabilities
Summary: Dell Avamar and Dell Avamar Virtual Edition remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2024-47484 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| CVE-2024-47977 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 7.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L |
| CVE-2024-52538 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
Affected Products & Remediation
| Product | Software/Firmware | Affected Versions | Remediated Version | Link |
| Dell Avamar Data Store Gen4T | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen4T | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10 and 19.10SP1 with patch 338869 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen5A | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen5A | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10 and 19.10SP1 with patch 338869 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware ESXi and vSphere | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware ESXi and vSphere | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10 and 19.10SP1 with patch 338869 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware vSphere only | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware vSphere only | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10 and 19.10SP1 with patch 338869 or later | Avamar Downloads Area |
| Dell Avamar Server | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10 and 19.10SP1 with patch 338869 or later | Avamar Downloads Area |
Notes:
- The README file, included in the hotfix .zip download package, provides a comprehensive list of vulnerabilities remediated in this cumulative update, including both recent and previously identified vulnerabilities.
- To schedule a platform security patch installation or server upgrade, please contact Dell Customer Support. Dell recommends upgrading to the latest release/version of your product.
- Upgrading from Dell Avamar 19.10 GA (19.10.0-135) to 19.10 SP1 (19.10.0-166) is not supported if the new Avamar MCS cumulative hotfix has already been installed. For full details and guidance, please refer to KB 000242572: The Avamar upgrade from 19.10.0-135 to 19.10.0-166 fails when the MCS hotfix is installed.
Workarounds & Mitigations
None
Revision History
| Revision | Date | Description |
| 1.0 | 2024-12-10 | Initial Release |
| 2.0 | 2024-12-16 | Updated CVE descriptions |
| 3.0 | 2025-07-21 | Updated CVE descriptions, additional information section and added affected version 19.12 |
Acknowledgements
Dell would like to thank Kentaro Kawane of GMO Cybersecurity by Ierae working with Trend Micro Zero Day Initiative for reporting this issue.
Affected Products
Avamar, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Virtual Edition
Article Properties
Article Number: 000258636
Article Type: Dell Security Advisory
Last Modified: 21 Jul 2025