CVE-2019-3765

HIGH

Dell Emc Avamar Server < 2.4 - Incorrect Permission Assignment

Title source: rule

Description

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.dell.com/support/security/en-us/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability

Scores

CVSS v3 8.1

EPSS 0.0019

EPSS Percentile 40.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-732

Status published

Products (6)

dell/emc_avamar_server 7.4.1

dell/emc_avamar_server 7.5.0

dell/emc_avamar_server 7.5.1

dell/emc_avamar_server 18.2

dell/emc_avamar_server 19.1

dell/emc_integrated_data_protection_appliance 2.0 - 2.4

Published Oct 09, 2019

Tracked Since Feb 18, 2026