CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-52538

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.0%

CVSS Severity

CVSS v3 Score 7.6

References

https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities

Products affected by CVE-2024-52538

Dell » Avamar Server » Version: 19.10

cpe:2.3:a:dell:avamar_server:19.10
Dell » Avamar Server » Version: 19.4

cpe:2.3:a:dell:avamar_server:19.4
Dell » Avamar Server » Version: 19.7

cpe:2.3:a:dell:avamar_server:19.7
Dell » Avamar Server » Version: 19.8

cpe:2.3:a:dell:avamar_server:19.8
Dell » Avamar Server » Version: 19.9

cpe:2.3:a:dell:avamar_server:19.9
Dell » Avamar Data Store » Version: gen4t

cpe:2.3:h:dell:avamar_data_store:gen4t
Dell » Avamar Data Store » Version: gen5a

cpe:2.3:h:dell:avamar_data_store:gen5a

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-52538

Products

Pricing

Contact Us