PT-2021-9107 · Dell EMC · Dell EMC Integrated Data Protection Appliance

Published: 2021-07-16 · Updated: 2021-07-28 · CVE-2019-3752

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1
Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3, 2.4

Description

The issue is an XML External Entity (XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.

Recommendations

For Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1, consider disabling the XML parsing functionality until a patch is available. For Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3, 2.4, restrict access to the XML request handling module to minimize the risk of exploitation. Avoid using specially crafted document type definitions (DTDs) in XML requests to the affected systems until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

CVE-2019-3752

Affected Products

Dell EMC Avamar Server
Dell EMC Integrated Data Protection Appliance