var-202107-0410
Vulnerability from variot
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system. (DoS) It may be in a state. Dell EMC Avamar Server is a set of fully virtualized backup and recovery software for servers from Dell
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0410",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc integrated data protection appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.4.1"
},
{
"model": "emc avamar server",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "7.4.1"
},
{
"model": "emc avamar server",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "7.5.0"
},
{
"model": "emc integrated data protection appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1"
},
{
"model": "emc avamar server",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "19.2"
},
{
"model": "emc integrated data protection appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.0"
},
{
"model": "emc avamar server",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "18.1"
},
{
"model": "emc integrated data protection appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.4"
},
{
"model": "emc integrated data protection appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.2"
},
{
"model": "emc avamar server",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "18.2"
},
{
"model": "emc integrated data protection appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.3"
},
{
"model": "emc avamar server",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "7.5.1"
},
{
"model": "emc avamar server",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "19.1"
},
{
"model": "dell emc integrated data protection appliance",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell emc avamar server",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012451"
},
{
"db": "NVD",
"id": "CVE-2020-5341"
}
]
},
"cve": "CVE-2020-5341",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5341",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-183466",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5341",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-012451",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5341",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-5341",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-5341",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-049",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-183466",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-5341",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183466"
},
{
"db": "VULMON",
"id": "CVE-2020-5341"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012451"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-049"
},
{
"db": "NVD",
"id": "CVE-2020-5341"
},
{
"db": "NVD",
"id": "CVE-2020-5341"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system. (DoS) It may be in a state. Dell EMC Avamar Server is a set of fully virtualized backup and recovery software for servers from Dell",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5341"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012451"
},
{
"db": "VULHUB",
"id": "VHN-183466"
},
{
"db": "VULMON",
"id": "CVE-2020-5341"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5341",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012451",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-049",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-183466",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-5341",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183466"
},
{
"db": "VULMON",
"id": "CVE-2020-5341"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012451"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-049"
},
{
"db": "NVD",
"id": "CVE-2020-5341"
}
]
},
"id": "VAR-202107-0410",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-183466"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:17:09.958000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.dell.com/ja-jp"
},
{
"title": "Dell EMC Avamar Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110933"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012451"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-049"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183466"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012451"
},
{
"db": "NVD",
"id": "CVE-2020-5341"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/security/en-us/details/541677/dsa-2020-057-dell-emc-avamar-server-deserialization-of-untrusted-data-vulnerability"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5341"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/dell-emc-avamar-server-code-execution-via-deserialization-31714"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183466"
},
{
"db": "VULMON",
"id": "CVE-2020-5341"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012451"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-049"
},
{
"db": "NVD",
"id": "CVE-2020-5341"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-183466"
},
{
"db": "VULMON",
"id": "CVE-2020-5341"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012451"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-049"
},
{
"db": "NVD",
"id": "CVE-2020-5341"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-183466"
},
{
"date": "2021-07-28T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5341"
},
{
"date": "2022-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012451"
},
{
"date": "2020-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-049"
},
{
"date": "2021-07-28T00:15:07.637000",
"db": "NVD",
"id": "CVE-2020-5341"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-183466"
},
{
"date": "2021-08-05T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5341"
},
{
"date": "2022-08-31T07:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-012451"
},
{
"date": "2021-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-049"
},
{
"date": "2021-08-05T19:13:10.353000",
"db": "NVD",
"id": "CVE-2020-5341"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-049"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0EMC\u00a0Avamar\u00a0Server\u00a0 and \u00a0Dell\u00a0EMC\u00a0Integrated\u00a0Data\u00a0Protection\u00a0Appliance\u00a0 Untrusted Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012451"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-049"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…