PT-2021-21219 · Dell Emc · Dell Emc Avamar Server
Published
2021-12-21
·
Updated
2022-11-07
·
CVE-2021-36317
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell EMC Avamar Server version 19.4
Description
The issue concerns a plain-text password storage vulnerability in AvInstaller, which could be exploited by a local attacker to disclose certain user credentials. The exposed credentials may then be used to access the vulnerable application with the privileges of the compromised account.
Recommendations
For Dell EMC Avamar Server version 19.4, update the software to a version that addresses the plain-text password storage vulnerability in AvInstaller to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dell Emc Avamar Server