Slidingwindow

**Name of the Vulnerable Software and Affected Versions** Dell EMC Avamar Server versions 7.3.1 through 7.5.0 Dell EMC Integrated Data Protection Appliance versions 2.0 through 2.1 **Description** The issue is related to a missing access control check, which could allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. These credentials are used to connect to Dell EMC Online Support. An attacker could also use the credentials to login to Dell EMC Online Support, potentially impersonating the AVI service actions. **Recommendations** For Dell EMC Avamar Server versions 7.3.1 through 7.5.0, update the Avamar Installation Manager to a version that includes the missing access control check. For Dell EMC Integrated Data Protection Appliance versions 2.0 through 2.1, update the appliance to a version that includes the missing access control check. As a temporary workaround, consider restricting access to the LDLS credentials to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Radia Client Automation versions 7.9 through 9.1 **Description** The issue allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465. This is a command injection remote code execution issue in the radexecd.exe service. **Recommendations** For versions 7.9 through 9.1, consider restricting access to TCP port 3465 as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.