Description
Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Reserved 2024-11-23 | Published 2025-08-04 | Updated 2025-08-04 | Assigner
dellHIGH: 8.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Problem types
CWE-650: Trusting HTTP Permission Methods on the Server Side
Product status
Default status
unaffected
19.12 before Version 19.12 with patch 338905 or later
affected
Default status
unaffected
19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 before 19.10SP1 with patch 338904 or later
affected
Default status
unaffected
19.12 before 19.12 with patch 338905 or later
affected
Default status
unaffected
19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 before 19.10SP1 with patch 338904 or later
affected
Default status
unaffected
19.12 before 19.12 with patch 338905 or later
affected
Default status
unaffected
19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 before 19.10SP1 with patch 338904 or later
affected
Default status
unaffected
19.12 before 19.12 with patch 338905 or later
affected
Default status
unaffected
19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 before 19.10SP1 with patch 338904 or later
affected
References
www.dell.com/...mar-virtual-edition-multiple-vulnerabilities vendor-advisory
cve.org (CVE-2025-21120)
nvd.nist.gov (CVE-2025-21120)
Download JSON
