List:       full-disclosure
Subject:    [FD] DSA-2019-092: Dell EMC Avamar Security Update for ADMe Web UI Vulnerability
From:       <secure () Dell ! com>
Date:       2019-06-14 19:24:19
Message-ID: 0b491983204b4261beeeae05e7460358 () AUSX13MPS302 ! AMER ! DELL ! COM

Restricted - Confidential

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

DSA-2019-092: Dell EMC Avamar Security Update for ADMe Web UI Vulnerability
Dell EMC Identifier: DSA-2019-092
CVE Identifier: CVE-2019-3737
Severity: High
Severity Rating: CVSS v3 Base Score: 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected products:
DELL EMC Avamar(r) ADMe Web UI (c) 1.0.50, 1.0.51

Summary:
DELL EMC Avamar(r) Data Migration Enabler (ADMe) Web UI requires security updates to address a
local file include (LFI) vulnerability.

Details:
Dell EMC Avamar ADMe Web Interface is affected by an LFI vulnerability which may allow a
malicious user to download arbitrary files from the affected system by sending a specially
crafted request to the Web Interface application.

Resolution:
The following Dell EMC Avamar ADMe Web UI hotfix addresses this vulnerability for the
affected versions:
* EMC Avamar ADMe Web UI (c) 1.0.50 & 1.0.51 - HOTFIX 310397

Link to remedies:

Dell EMC recommends that customers who are registered for Dell EMC Online Support download the
applicable patches and software from support.emc.com at their earliest convenience:

* EMC Avamar ADMe Web UI (c) 1.0.50 & 1.0.51 - HOTFIX 310397

If you have any questions, please contact Dell EMC Support.

Credit:

Dell EMC would like to thank Ken Pyle from DFDR Consulting for reporting this vulnerability.

Severity Rating:
For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307. Dell
EMC recommends all customers take into account both the base score and any relevant temporal
and environmental scores which may impact the potential severity associated with a particular
security vulnerability.

Legal Information:
Read and use the information in this Dell EMC Security Advisory to assist in avoiding any
situation that might arise from the problems described herein. If you have any questions
regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867.
Dell EMC distributes Dell EMC Security Advisories, in order to bring to the attention of users
of the affected Dell EMC products, important security information. Dell EMC recommends that all
users determine the applicability of this information to their individual situations and take
appropriate action. The information set forth herein is provided "as is" without warranty of
any kind. Dell EMC disclaims all warranties, either express or implied, including the
warranties of merchantability, fitness for a particular purpose, title and non-infringement. In
no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages,
even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for consequential or incidental
damages, so the foregoing limitation may not apply.
