PT-2021-11677 · Dell · Dell Emc Avamar Server

Published: 2021-01-14 · Updated: 2021-01-21 · CVE-2020-29495

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: DELL EMC Avamar Server versions 19.1 through 19.3
Description: The issue is an OS Command Injection Vulnerability in the Fitness Analyzer component. A remote unauthenticated attacker could potentially exploit this, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This can be leveraged to completely compromise the vulnerable application as well as the underlying operating system.
Recommendations: For versions 19.1 through 19.3, upgrade to a newer version at the earliest opportunity to resolve the issue. As a temporary workaround, consider restricting access to the Fitness Analyzer component until a patch is available.

Fix

OS Command Injection

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2020-29495

Affected Products

Dell Emc Avamar Server