CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-47977

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.2%

CVSS Severity

CVSS v3 Score 7.1

References

https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities

Products affected by CVE-2024-47977

Dell » Avamar Server » Version: 19.10

cpe:2.3:a:dell:avamar_server:19.10
Dell » Avamar Server » Version: 19.4

cpe:2.3:a:dell:avamar_server:19.4
Dell » Avamar Server » Version: 19.7

cpe:2.3:a:dell:avamar_server:19.7
Dell » Avamar Server » Version: 19.8

cpe:2.3:a:dell:avamar_server:19.8
Dell » Avamar Server » Version: 19.9

cpe:2.3:a:dell:avamar_server:19.9
Dell » Avamar Data Store » Version: gen4t

cpe:2.3:h:dell:avamar_data_store:gen4t
Dell » Avamar Data Store » Version: gen5a

cpe:2.3:h:dell:avamar_data_store:gen5a

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-47977

Products

Pricing

Contact Us