CVE-2021-36317

MEDIUM

Dell EMC Avamar Server 19.4 - Info Disclosure

Title source: llm

Description

Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

References (2)

[Third Party Advisory] https://security.gentoo.org/glsa/202210-09

[Patch, Vendor Advisory] https://www.dell.com/support/kbdoc/000193369

Scores

CVSS v3 6.7

EPSS 0.0004

EPSS Percentile 10.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522 CWE-256

Status published

Affected Products (2)

dell/emc_avamar_server

dell/emc_powerprotect_data_protection_appliance

Timeline

Published Dec 21, 2021

Tracked Since Feb 18, 2026