EMC NetWorker
by Dell
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28055 | Hig | 0.57 | 8.8 | 0.00 | Sep 27, 2023 | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting… | ||
| CVE-2023-25539 | Hig | 0.55 | 8.4 | 0.01 | May 31, 2023 | Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the… | ||
| CVE-2024-42422 | Hig | 0.54 | 8.3 | 0.00 | Dec 3, 2024 | Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | ||
| CVE-2021-21558 | Hig | 0.53 | 8.2 | 0.00 | Jun 8, 2021 | Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to… | ||
| CVE-2018-1218 | Hig | 0.53 | 7.5 | 0.14 | Mar 19, 2018 | In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability… | ||
| CVE-2025-21107 | Hig | 0.51 | 7.8 | 0.00 | Jan 30, 2025 | Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||
| CVE-2021-21546 | Hig | 0.51 | 7.8 | 0.00 | Jul 29, 2021 | Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log… | ||
| CVE-2023-24576 | Hig | 0.49 | 7.5 | 0.01 | Feb 3, 2023 | EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used. | ||
| CVE-2021-21559 | Hig | 0.46 | 7.1 | 0.00 | Jun 8, 2021 | Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server.… | ||
| CVE-2021-21570 | Med | 0.44 | 6.8 | 0.01 | Sep 28, 2021 | Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | ||
| CVE-2021-21569 | Med | 0.44 | 6.8 | 0.01 | Sep 28, 2021 | Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | ||
| CVE-2020-26183 | Med | 0.44 | 6.8 | 0.01 | Oct 16, 2020 | Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner. | ||
| CVE-2020-26182 | Med | 0.44 | 6.8 | 0.01 | Oct 16, 2020 | Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable… | ||
| CVE-2021-21600 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2021 | Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path. | ||
| CVE-2021-36311 | Med | 0.39 | 6.0 | 0.00 | Nov 23, 2021 | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. | ||
| CVE-2023-24568 | Med | 0.33 | 5.0 | 0.00 | May 30, 2023 | Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates. | ||
| CVE-2025-36582 | Med | 0.31 | 4.8 | 0.00 | Jul 1, 2025 | Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | ||
| CVE-2025-21104 | Med | 0.28 | 4.3 | 0.00 | Mar 13, 2025 | Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a… | ||
| CVE-2022-29082 | Low | 0.24 | 3.7 | 0.00 | May 26, 2022 | Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could… |
- risk 0.57cvss 8.8epss 0.00
Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting…
- risk 0.55cvss 8.4epss 0.01
Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the…
- risk 0.54cvss 8.3epss 0.00
Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
- risk 0.53cvss 8.2epss 0.00
Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to…
- risk 0.53cvss 7.5epss 0.14
In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability…
- risk 0.51cvss 7.8epss 0.00
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- risk 0.51cvss 7.8epss 0.00
Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log…
- risk 0.49cvss 7.5epss 0.01
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used.
- risk 0.46cvss 7.1epss 0.00
Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server.…
- risk 0.44cvss 6.8epss 0.01
Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.
- risk 0.44cvss 6.8epss 0.01
Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.
- risk 0.44cvss 6.8epss 0.01
Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner.
- risk 0.44cvss 6.8epss 0.01
Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable…
- risk 0.42cvss 6.5epss 0.01
Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path.
- risk 0.39cvss 6.0epss 0.00
Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.
- risk 0.33cvss 5.0epss 0.00
Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.
- risk 0.31cvss 4.8epss 0.00
Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
- risk 0.28cvss 4.3epss 0.00
Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a…
- risk 0.24cvss 3.7epss 0.00
Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could…