| Vulnerability Name: | CVE-2019-3752 (CCN-205682) | ||||||||||||
| Assigned: | 2019-01-03 | ||||||||||||
| Published: | 2021-04-10 | ||||||||||||
| Updated: | 2021-07-28 | ||||||||||||
| Summary: | Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request. | ||||||||||||
| CVSS v3 Severity: | 8.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) 7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-611 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-3752 Source: XF Type: UNKNOWN dell-cve20193752-dos(205682) Source: CCN Type: Dell DSA Identifier: DSA-2019-119 Dell EMC Avamar XML External Entity Injection Vulnerability Source: MISC Type: Patch, Vendor Advisory https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||