Skip to main content

Avamar Server

14 CVEs product

Monthly

CVE-2025-21117 MEDIUM This Month

Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Avamar Server
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-52538 HIGH This Week

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-47977 HIGH This Week

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-47484 CRITICAL Act Now

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2017-4990 CRITICAL Act Now

In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avamar Server
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-4989 CRITICAL Act Now

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Avamar Server
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2016-0921 MEDIUM This Month

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Avamar Server
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2016-0920 HIGH This Week

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Avamar Server
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-0905 MEDIUM This Month

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Avamar Server
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2016-0904 HIGH This Week

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avamar Server
NVD
CVSS 3.0
8.6
EPSS
0.2%
CVE-2016-0903 CRITICAL Act Now

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avamar Server
NVD
CVSS 3.0
9.1
EPSS
1.1%
CVE-2015-4527 HIGH This Week

Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Avamar Server Avamar Server Virtual Edition
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2013-3275 MEDIUM This Month

EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Avamar Server Avamar Server Virtual Edition
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3274 CRITICAL Act Now

EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java RCE Avamar Server Avamar Server Virtual Edition
NVD
CVSS 2.0
9.0
EPSS
1.5%
EPSS 0% CVSS 6.6
MEDIUM This Month

Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Avamar Server
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avamar Server
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Avamar Server
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Avamar Server
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Avamar Server
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Avamar Server
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avamar Server
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avamar Server
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Avamar Server +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Avamar Server Avamar Server Virtual Edition
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java RCE +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy