VYPR

Avamar

by EMC Corporation

CVEs (24)

  • CVE-2016-0906HigJul 6, 2016
    risk 0.57cvss 8.8epss 0.02

    The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.

  • CVE-2016-0909HigNov 15, 2016
    risk 0.55cvss 8.4epss 0.00

    EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users.

  • CVE-2016-8214MedJan 25, 2017
    risk 0.44cvss 6.7epss 0.00

    EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.

  • CVE-2025-36598MedFeb 17, 2026
    risk 0.42cvss 6.5epss 0.00

    Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading…

  • CVE-2025-36597MedFeb 17, 2026
    risk 0.31cvss 4.7epss 0.00

    Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading…

  • CVE-2018-11066Nov 26, 2018
    risk 0.03cvss epss 0.10

    Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote…

  • CVE-2025-21120Aug 4, 2025
    risk 0.00cvss epss 0.00

    Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

  • CVE-2025-21117Feb 5, 2025
    risk 0.00cvss epss 0.00

    Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user.

  • CVE-2024-47977Dec 10, 2024
    risk 0.00cvss epss 0.01

    Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially…

  • CVE-2024-47484Dec 10, 2024
    risk 0.00cvss epss 0.01

    Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could…

  • CVE-2024-52538Dec 10, 2024
    risk 0.00cvss epss 0.00

    Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially…

  • CVE-2019-3737Jun 19, 2019
    risk 0.00cvss epss 0.02

    Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.

  • CVE-2018-11077Nov 26, 2018
    risk 0.00cvss epss 0.01

    'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin…

  • CVE-2018-11067Nov 26, 2018
    risk 0.00cvss epss 0.02

    Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated…

  • CVE-2018-11076Nov 26, 2018
    risk 0.00cvss epss 0.01

    Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java…

  • CVE-2014-4623Oct 25, 2014
    risk 0.00cvss epss 0.02

    EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext…

  • CVE-2013-0945May 3, 2013
    risk 0.00cvss epss 0.01

    EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

  • CVE-2013-0944May 3, 2013
    risk 0.00cvss epss 0.01

    The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2012-2291Jan 21, 2013
    risk 0.00cvss epss 0.00

    EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.

  • CVE-2012-4610Oct 31, 2012
    risk 0.00cvss epss 0.01

    EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client.

Page 1 of 2