Dell EMC Avamar versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain a plain-text password storage vulnerability. A highly privileged user could potentially exploit this vulnerability, leading to a complete outage.
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Emc_avamar_server | Dell | 18.2 (including) | 18.2 (including) |
Emc_avamar_server | Dell | 19.1 (including) | 19.1 (including) |
Emc_avamar_server | Dell | 19.2 (including) | 19.2 (including) |
Emc_avamar_server | Dell | 19.3 (including) | 19.3 (including) |
Emc_avamar_server | Dell | 19.4 (including) | 19.4 (including) |
While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers. Different log files may be produced and stored for: