DSA-2024-489: Security update for Dell Avamar and Dell Avamar Virtual Edition Security Update for Multiple Vulnerabilities.
概要: Dell Avamar and Dell Avamar Virtual Edition remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
High
詳細
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2024-47977 |
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
7.1 |
|
| CVE-2024-47484 |
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
8.2 |
|
| CVE-2024-52538 |
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. |
7.6 |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2024-47977 |
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
7.1 |
|
| CVE-2024-47484 |
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
8.2 |
|
| CVE-2024-52538 |
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. |
7.6 |
影響を受ける製品と修復
| Product |
Affected Versions |
Remediated Versions |
Link |
| Dell Avamar Server |
Versions 19.4, 19.7, 19.8, 19.9, 19.10 & 19.10SP1 |
Avamar CHF 338869 on 19.10 and 19.10SP1 |
|
| Dell Avamar Data Store Gen5A, Gen4T |
Versions 19.4, 19.7, 19.8, 19.9, 19.10 & 19.10SP1 |
Avamar CHF 338869 on 19.10 and 19.10SP1 |
| Product |
Affected Versions |
Remediated Versions |
Link |
| Dell Avamar Server |
Versions 19.4, 19.7, 19.8, 19.9, 19.10 & 19.10SP1 |
Avamar CHF 338869 on 19.10 and 19.10SP1 |
|
| Dell Avamar Data Store Gen5A, Gen4T |
Versions 19.4, 19.7, 19.8, 19.9, 19.10 & 19.10SP1 |
Avamar CHF 338869 on 19.10 and 19.10SP1 |
• Please refer to KB 000242572 before installing the HF on 19.10.
• The CVEs remedied by this security update are listed. The list not only have the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.
• Dell recommends that you always upgrade to the latest release/version for your product.
• To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/product-support/product/avamar/drivers
変更履歴
|
Revision |
Date |
Description |
|
1.0 |
2024-12-10 |
Initial Release |
|
2.0 |
2024-12-16 |
Updated the Description of CVE-2024-47977, CVE-2024-47484, CVE-2024-52538 |
確認
Dell would like to thank Kentaro Kawane of GMO Cybersecurity by Ierae working with Trend Micro Zero Day Initiative for reporting this issue.
関連情報
法的免責事項
対象製品
Avamar, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition文書のプロパティ
文書番号: 000258636
文書の種類: Dell Security Advisory
最終更新: 21 12月 2024
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。