CVE-2025-21120

EPSS 0.05%
Veröffentlicht 04.08.2025 18:33:07
Zuletzt bearbeitet 25.02.2026 15:14:51
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Avamar Version19.4 SwEditionvirtual SwPlatformesxi

Dell ≫ Avamar Version19.4 SwEditionvirtual SwPlatformvmware

Dell ≫ Avamar Version19.4 SwEditionvirtual SwPlatformvsphere

Dell ≫ Avamar Version19.7 SwEditionvirtual SwPlatformesxi

Dell ≫ Avamar Version19.7 SwEditionvirtual SwPlatformvmware

Dell ≫ Avamar Version19.7 SwEditionvirtual SwPlatformvsphere

Dell ≫ Avamar Version19.8 SwEditionvirtual SwPlatformesxi

Dell ≫ Avamar Version19.8 SwEditionvirtual SwPlatformvmware

Dell ≫ Avamar Version19.8 SwEditionvirtual SwPlatformvsphere

Dell ≫ Avamar Version19.9 SwEditionvirtual SwPlatformesxi

Dell ≫ Avamar Version19.9 SwEditionvirtual SwPlatformvmware

Dell ≫ Avamar Version19.9 SwEditionvirtual SwPlatformvsphere

Dell ≫ Avamar Version19.10 Update- SwEditionvirtual SwPlatformesxi

Dell ≫ Avamar Version19.10 Update- SwEditionvirtual SwPlatformvmware

Dell ≫ Avamar Version19.10 Update- SwEditionvirtual SwPlatformvsphere

Dell ≫ Avamar Version19.10 Updatesp1 SwEditionvirtual SwPlatformesxi

Dell ≫ Avamar Version19.10 Updatesp1 SwEditionvirtual SwPlatformvmware

Dell ≫ Avamar Version19.10 Updatesp1 SwEditionvirtual SwPlatformvsphere

Dell ≫ Avamar Version19.12 SwEditionvirtual SwPlatformesxi

Dell ≫ Avamar Version19.12 SwEditionvirtual SwPlatformvmware

Dell ≫ Avamar Version19.12 SwEditionvirtual SwPlatformvsphere

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.142

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security_alert@emc.com	8.3	2.8	5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-650 Trusting HTTP Permission Methods on the Server Side

The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.

https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-21120

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-21120

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-21120

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-21120