Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 05 Aug 2025 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell avamar Data Store
Dell avamar Server
Vendors & Products Dell
Dell avamar Data Store
Dell avamar Server

Mon, 04 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 Aug 2025 18:45:00 +0000

Type Values Removed Values Added
Description Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Weaknesses CWE-650
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2025-08-07T03:55:25.917Z

Reserved: 2024-11-23T06:04:00.843Z

Link: CVE-2025-21120

cve-icon Vulnrichment

Updated: 2025-08-04T19:16:53.698Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-04T19:15:30.210

Modified: 2025-08-05T14:34:17.327

Link: CVE-2025-21120

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-05T11:38:54Z