CVE-2019-3752
HIGHDell EMC Avamar Server and Integrated Data Protection Appliance - XML External Entity Injection
Title source: llmDescription
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability
Scores
CVSS v3
8.2
EPSS
0.0038
EPSS Percentile
59.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Details
CWE
CWE-611
Status
published
Products (10)
dell/emc_avamar_server
7.4.1
dell/emc_avamar_server
7.5.0
dell/emc_avamar_server
7.5.1
dell/emc_avamar_server
18.2
dell/emc_avamar_server
19.1
dell/emc_integrated_data_protection_appliance
2.0
dell/emc_integrated_data_protection_appliance
2.1
dell/emc_integrated_data_protection_appliance
2.2
dell/emc_integrated_data_protection_appliance
2.3
dell/emc_integrated_data_protection_appliance
2.4
Published
Jul 16, 2021
Tracked Since
Feb 18, 2026