Home
MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HDefault status
unaffected
19.9 through 19.10 SP1 (semver) before 19.10 SP1 with CHF 338912 or later
affected
Default status
unaffected
19.9 through 19.10 SP1 (semver) before 19.10 SP1 with CHF 338912 or later
affected
Default status
unaffected
Any version before 2.7.9 with AV CHF 338912
affected
Description
Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete.
Problem types
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Product status
19.9 through 19.10 SP1 (semver) before 19.10 SP1 with CHF 338912 or later
19.9 through 19.10 SP1 (semver) before 19.10 SP1 with CHF 338912 or later
Any version before 2.7.9 with AV CHF 338912
Credits
Dell would like to thank LIUPENG for reporting this issue.
References
www.dell.com/...icted-directory-path-traversal-vulnerability