CVE-2019-3752: XEE
First published: Thu Oct 10 2019(Updated: )
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell EMC Avamar Server | =7.4.1 | |
| Dell EMC Avamar Server | =7.5.0 | |
| Dell EMC Avamar Server | =7.5.1 | |
| Dell EMC Avamar Server | =18.2 | |
| Dell EMC Avamar Server | =19.1 | |
| Dell EMC Integrated Data Protection Appliance | =2.0 | |
| Dell EMC Integrated Data Protection Appliance | =2.1 | |
| Dell EMC Integrated Data Protection Appliance | =2.2 | |
| Dell EMC Integrated Data Protection Appliance | =2.3 | |
| Dell EMC Integrated Data Protection Appliance | =2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-3752?
CVE-2019-3752 is a vulnerability found in Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1, and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4.
What is the severity of CVE-2019-3752?
CVE-2019-3752 has a severity score of 8.2, which is considered high.
What is an XML External Entity (XXE) Injection vulnerability?
An XML External Entity (XXE) Injection vulnerability allows an attacker to include or access local or remote files and execute remote code.
How can a remote unauthenticated malicious user exploit CVE-2019-3752?
A remote unauthenticated malicious user can exploit CVE-2019-3752 by exploiting the XML External Entity (XXE) Injection vulnerability to potentially gain unauthorized access or execute arbitrary code on the affected system.
Is there a fix available for CVE-2019-3752?
Yes, Dell has released a security advisory with patches and mitigations to address the CVE-2019-3752 vulnerability.
- collector/nvd-index
- agent/type
- agent/event
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dell
- canonical/dell emc avamar server
- version/dell emc avamar server/7.4.1
- version/dell emc avamar server/7.5.0
- version/dell emc avamar server/7.5.1
- version/dell emc avamar server/18.2
- version/dell emc avamar server/19.1
- canonical/dell emc integrated data protection appliance
- version/dell emc integrated data protection appliance/2.0
- version/dell emc integrated data protection appliance/2.1
- version/dell emc integrated data protection appliance/2.2
- version/dell emc integrated data protection appliance/2.3
- version/dell emc integrated data protection appliance/2.4