VYPR
Unrated severity · NVD Advisory · Published Dec 10, 2024 · Updated Aug 4, 2025

CVE-2024-52538

Description

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A SQL injection vulnerability in Dell Avamar allows a low-privileged remote attacker to perform script injection. It affects versions prior to 19.12 with patch 338905.

Vulnerability

Dell Avamar versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contain an improper neutralization of special elements used in an SQL command (SQL injection) vulnerability [1]. This flaw exists in the application's handling of user-supplied input, allowing an attacker to inject malicious SQL queries through vulnerable parameters.

Exploitation

An attacker with low privileges and remote network access can exploit this vulnerability by sending crafted input to the affected component [1]. No user interaction is required. The attacker can manipulate SQL queries in a way that potentially leads to script injection within the application context.

Impact

Successful exploitation results in script injection, which can lead to high confidentiality impact (information disclosure), low integrity impact, and low availability impact [1]. The attacker may be able to execute arbitrary scripts in the context of the application, potentially accessing sensitive data or performing unauthorized actions.

Mitigation

Dell has released patches to address this vulnerability: upgrade to Avamar 19.12 with patch 338905, or to 19.10 or 19.10SP1 with patch 338869 [1]. No workarounds are available. Users should apply the patches as soon as possible.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
