CVE-2020-5341

CRITICAL

Dell Emc Avamar Server - Insecure Deserialization

Title source: rule

Description

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system.

References (1)

Scores

CVSS v3 9.8
EPSS 0.1271
EPSS Percentile 93.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (13)

dell/emc_avamar_server
dell/emc_avamar_server
dell/emc_avamar_server
dell/emc_avamar_server
dell/emc_avamar_server
dell/emc_avamar_server
dell/emc_avamar_server
dell/emc_integrated_data_protection_appliance_firmware
dell/emc_integrated_data_protection_appliance_firmware
dell/emc_integrated_data_protection_appliance_firmware
dell/emc_integrated_data_protection_appliance_firmware
dell/emc_integrated_data_protection_appliance_firmware
dell/emc_integrated_data_protection_appliance_firmware

Timeline

Published Jul 28, 2021
Tracked Since Feb 18, 2026