What is the severity of CVE-2019-3752?

CVE-2019-3752 has a severity score of 8.2, which is considered high.

What is an XML External Entity (XXE) Injection vulnerability?

An XML External Entity (XXE) Injection vulnerability allows an attacker to include or access local or remote files and execute remote code.

How can a remote unauthenticated malicious user exploit CVE-2019-3752?

A remote unauthenticated malicious user can exploit CVE-2019-3752 by exploiting the XML External Entity (XXE) Injection vulnerability to potentially gain unauthorized access or execute arbitrary code on the affected system.

Is there a fix available for CVE-2019-3752?

Yes, Dell has released a security advisory with patches and mitigations to address the CVE-2019-3752 vulnerability.

Vulnerability/
CVE-2019-3752

high

8.2

CWE

611

16/7/2021

28/7/2021

CVE-2019-3752: XEE

First published: Fri Jul 16 2021(Updated: )

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
Dell EMC Avamar Server	=7.4.1
Dell EMC Avamar Server	=7.5.0
Dell EMC Avamar Server	=7.5.1
Dell EMC Avamar Server	=18.2
Dell EMC Avamar Server	=19.1
Dell EMC Integrated Data Protection Appliance	=2.0
Dell EMC Integrated Data Protection Appliance	=2.1
Dell EMC Integrated Data Protection Appliance	=2.2
Dell EMC Integrated Data Protection Appliance	=2.3
Dell EMC Integrated Data Protection Appliance	=2.4

Never miss a vulnerability like this again

Reference Links

https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability

Frequently Asked Questions

What is CVE-2019-3752?
CVE-2019-3752 is a vulnerability found in Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1, and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4.
What is the severity of CVE-2019-3752?
CVE-2019-3752 has a severity score of 8.2, which is considered high.
What is an XML External Entity (XXE) Injection vulnerability?
An XML External Entity (XXE) Injection vulnerability allows an attacker to include or access local or remote files and execute remote code.
How can a remote unauthenticated malicious user exploit CVE-2019-3752?
A remote unauthenticated malicious user can exploit CVE-2019-3752 by exploiting the XML External Entity (XXE) Injection vulnerability to potentially gain unauthorized access or execute arbitrary code on the affected system.
Is there a fix available for CVE-2019-3752?
Yes, Dell has released a security advisory with patches and mitigations to address the CVE-2019-3752 vulnerability.

collector/nvd-index
agent/type
agent/event
vendor/dell
canonical/dell emc avamar server
version/dell emc avamar server/7.4.1
version/dell emc avamar server/7.5.0
version/dell emc avamar server/7.5.1
version/dell emc avamar server/18.2
version/dell emc avamar server/19.1
canonical/dell emc integrated data protection appliance
version/dell emc integrated data protection appliance/2.0
version/dell emc integrated data protection appliance/2.1
version/dell emc integrated data protection appliance/2.2
version/dell emc integrated data protection appliance/2.3
version/dell emc integrated data protection appliance/2.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.