CVE-2019-3737: Dell EMC Avamar Security Update for ADMe Web UI Vulnerability

Severity Rating (CVSS Base Score)
8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
DELL EMC Avamar Data Migration Enabler (ADMe) Web UI requires security updates to address a local file include (LFI) vulnerability.

Dell EMC Avamar ADMe Web Interface is affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.

8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected products:
DELL EMC Avamar ADMe Web UI © 1.0.50 and 1.0.51

The following Dell EMC Avamar ADMe Web UI hotfix is to address this vulnerability for the affected versions:

EMC Avamar ADMe Web UI 1.0.50 and 1.0.51 – HOTFIX 310397

If you have any questions, contact Dell EMC Support.

Dell EMC would like to thank Ken Pyle from DFDR Consulting for reporting this vulnerability.