Unrated severityNVD Advisory· Published Jul 16, 2021· Updated Sep 16, 2024

CVE-2019-3752

Description

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.

Affected products

Dell/EMC Integrated Data Protection Appliance (IDPA)llm-create
Range: =2.0, =2.1, =2.2, =2.3, =2.4
EMC Corporation/Avamar Serverllm-fuzzy
Range: =7.4.1, =7.5.0, =7.5.1, =18.2, =19.1
Dell/EMC Avamarcpe-rescue
Range: 7.4.1, 7.5.0, 7.5.1, 18.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerabilitymitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000