DSA-2020-272 Dell EMC Avamar Server and Dell EMC Integrated Data Protection Appliance Security Update for Multiple Vulnerabilities

Resumen: Dell EMC Avamar Server and Dell EMC Integrated Data Protection Appliance (IDPA) contain remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Este artículo se aplica a: Este artículo no se aplica a: Este artículo no está vinculado a ningún producto específico. En este artículo no se identifican todas las versiones de los productos.
Consultar otros recursos

Impacto

Critical

Detalles

Proprietary Code CVE(s) Description CVSSBase Score CVSS Vector String
CVE-2020-29493 DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity. 10.0 CVSS:3.1/ AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-29494
 		 Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user may potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
 		 8.7 CVSS:3.1/ AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE-2020-29495
 		 DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
 		 10.0 CVSS:3.1/ AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     
Proprietary Code CVE(s) Description CVSSBase Score CVSS Vector String
CVE-2020-29493 DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity. 10.0 CVSS:3.1/ AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-29494
 		 Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user may potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
 		 8.7 CVSS:3.1/ AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE-2020-29495
 		 DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
 		 10.0 CVSS:3.1/ AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     
Dell Technologies recomienda que todos los clientes tengan en cuenta la puntuación base CVSS y las puntuaciones temporales o de entorno relevantes que puedan afectar a la posible gravedad asociada a una determinada vulnerabilidad de seguridad.

Productos afectados y corrección

CVE(s) Addressed  Product Affected Version(s) Updated Version(s) Link to Update
CVE-2020-29493,
CVE-2020-29494,
CVE-2020-29495
 		 Dell EMC Avamar Server 19.1 Hotfix 325443
Dell EMC Avamar Server 19.2 Hotfix 325444
Dell EMC Avamar Server 19.3 Hotfix 325445
Dell EMC Integrated Data Protection Appliance (IDPA) 2.5 Hotfix 325443
Dell EMC Integrated Data Protection Appliance (IDPA) 2.6 Hotfix 325445
CVE(s) Addressed  Product Affected Version(s) Updated Version(s) Link to Update
CVE-2020-29493,
CVE-2020-29494,
CVE-2020-29495
 		 Dell EMC Avamar Server 19.1 Hotfix 325443
Dell EMC Avamar Server 19.2 Hotfix 325444
Dell EMC Avamar Server 19.3 Hotfix 325445
Dell EMC Integrated Data Protection Appliance (IDPA) 2.5 Hotfix 325443
Dell EMC Integrated Data Protection Appliance (IDPA) 2.6 Hotfix 325445

Historial de revisiones

RevisionDateDescription
1.001/12/2021Initial Release

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Aviso legal

Productos afectados

Avamar, PowerProtect Data Protection Appliance, Avamar Server, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software , Product Security Information ...
Propiedades del artículo
Número de artículo: 000181806
Tipo de artículo: Dell Security Advisory
Última modificación: 19 sept 2025
Encuentra las respuestas que necesitas con la ayuda de otros usuarios de Dell
Servicios de asistencia
Comprueba si tu dispositivo está cubierto por los servicios de asistencia.