CVE-2021-36317
First published: Tue Dec 21 2021(Updated: )
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell EMC Avamar Server | =19.4 | |
| Dell Emc Powerprotect Data Protection Appliance | =2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-36317?
CVE-2021-36317 is a plain-text password storage vulnerability in Dell EMC Avamar Server version 19.4 and Dell EMC Powerprotect Data Protection Appliance version 2.7.
Who is affected by CVE-2021-36317?
Users of Dell EMC Avamar Server version 19.4 and Dell EMC Powerprotect Data Protection Appliance version 2.7 are affected by CVE-2021-36317.
What is the severity of CVE-2021-36317?
CVE-2021-36317 has a severity score of 6.7, which is considered medium.
How can a local attacker exploit CVE-2021-36317?
A local attacker could exploit CVE-2021-36317 to gain access to certain user credentials stored in plain text.
Are there any references for CVE-2021-36317?
Yes, you can find more information about CVE-2021-36317 at the following references: [https://security.gentoo.org/glsa/202210-09](https://security.gentoo.org/glsa/202210-09) and [https://www.dell.com/support/kbdoc/000193369](https://www.dell.com/support/kbdoc/000193369).
- collector/nvd-index
- vendor/dell
- canonical/dell emc avamar server
- version/dell emc avamar server/19.4
- canonical/dell emc powerprotect data protection appliance
- version/dell emc powerprotect data protection appliance/2.7