VYPR
Unrated severity · NVD Advisory · Published Jan 14, 2021 · Updated Sep 16, 2024

CVE-2020-29493

Description

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated SQL injection in DELL EMC Avamar Server Fitness Analyzer allows remote attackers to execute arbitrary SQL commands, leading to unauthorized data access and potential deletion of sensitive backup data.

Vulnerability

A SQL injection vulnerability exists in the Fitness Analyzer component of DELL EMC Avamar Server versions 19.1, 19.2, and 19.3 [1]. The vulnerability allows a remote unauthenticated attacker to inject arbitrary SQL commands into the application's backend database queries. No prior authentication or special privileges are required to reach the vulnerable code path [1].

Exploitation

An attacker with network access to an affected Avamar Server can send crafted HTTP requests to the Fitness Analyzer endpoint, containing malicious SQL payloads in input parameters [1]. The application fails to properly sanitize or parameterize these inputs, leading to execution of attacker-controlled SQL commands on the backend database. No authentication or user interaction is needed [1].

Impact

Successful exploitation results in unauthorized read and write access to the application database [1]. An attacker can extract or modify sensitive backup data, potentially leading to data leakage or deletion of backup information. The CVSS v3.1 base score is 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical impact on confidentiality, integrity, and availability [1].

Mitigation

Dell EMC recommends upgrading to a fixed version of Avamar Server. As of the advisory publication (2021-01-14), the vendor has released security updates addressing this vulnerability. Users should apply the latest patched version as described in Dell security advisory DSA-2020-272 [1]. No workarounds are mentioned in the available references [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
