Overview
Severity Rating (CVSS Base Score)
8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Summary:
Dell EMC Avamar Data Migration Enabler (ADMe) Web UI requires security updates to address a local file inclusion (LFI) vulnerability.
Details
Dell EMC Avamar ADMe Web Interface is affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
CVE-2019-3737
8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Recommendations
Affected products:
Dell EMC Avamar ADMe Web UI 1.0.50 and 1.0.51
Resolution:
The following Dell EMC Avamar ADMe Web UI hotfix addresses this vulnerability for the affected versions:
EMC Avamar ADMe Web UI 1.0.50 and 1.0.51 – HOTFIX 310397
If you have any questions, contact Dell EMC Support.
Credit
Dell EMC would like to thank Ken Pyle from DFDR Consulting for reporting this vulnerability.