DSA-2024-489: Security update for Dell Avamar and Dell Avamar Virtual Edition Multiple Vulnerabilities

Summary: Dell Avamar and Dell Avamar Virtual Edition remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.


Impact

High

Details

| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2024-47484 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| CVE-2024-47977 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 7.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L |
| CVE-2024-52538 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |

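Dell Technologies recommends that all customers consider not only the CVSS base score but also any temporal and environmental scores that may affect the potential severity associated with a particular security vulnerability.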

Affected Products and Remediation

| Product | Software/Firmware | Affected Versions | Remediated Version | Link |
| --- | --- | --- | --- | --- |
| Dell Avamar Data Store Gen4T | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen4T | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10 and 19.10SP1 with patch 338869 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen5A | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen5A | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10 and 19.10SP1 with patch 338869 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware ESXi and vSphere | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware ESXi and vSphere | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10 and 19.10SP1 with patch 338869 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware vSphere only | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware vSphere only | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10 and 19.10SP1 with patch 338869 or later | Avamar Downloads Area |
| Dell Avamar Server | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10 and 19.10SP1 with patch 338869 or later | Avamar Downloads Area |

Notes:

  1. The README file, included in the hotfix .zip download package, provides a comprehensive list of vulnerabilities remediated in this cumulative update, including both recent and previously identified vulnerabilities.
  2. To schedule a platform security patch installation or server upgrade, please contact Dell Customer Support. Dell recommends upgrading to the latest release/version of your product.
  3. Upgrading from Dell Avamar 19.10 GA (19.10.0-135) to 19.10 SP1 (19.10.0-166) is not supported if the new Avamar MCS cumulative hotfix has already been installed. For full details and guidance, please refer to KB 000242572: The Avamar upgrade from 19.10.0-135 to 19.10.0-166 fails when the MCS hotfix is installed.

Workarounds and Mitigations

None

Revision History

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2024-12-10 | Initial Release |
| 2.0 | 2024-12-16 | Updated CVE descriptions |
| 3.0 | 2025-07-21 | Updated CVE descriptions, additional information section and added affected version 19.12 |

Acknowledgements

Dell would like to thank Kentaro Kawane of GMO Cybersecurity by Ierae working with Trend Micro Zero Day Initiative for reporting this issue.

Affected Products

Avamar, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Virtual Edition

Article Properties

Article Number: 000258636
Article Type: Dell Security Advisory
Last Modified: 21 Jul 2025