cvelist/2020/5xxx/CVE-2020-5341.json

{
    "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "DATE_PUBLIC": "2020-02-27",
        "ID": "CVE-2020-5341",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Avamar Virtual Edition",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "Avamar 7.5 Virtual Edition for VMware vSphere only"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Dell"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system."
            }
        ]
    },
    "impact": {
        "cvss": {
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-502: Deserialization of Untrusted Data"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability",
                "name": "https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability"
            }
        ]
    }
}
"-Synchronized-Data." 2020-01-03 14:01:42 +00:00			`{`
			`"CVE_data_meta": {`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`"ASSIGNER": "secure@dell.com",`
			`"DATE_PUBLIC": "2020-02-27",`
			`"ID": "CVE-2020-5341",`
Added 3 2020 CVEs 2021-07-27 19:41:30 -04:00			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`},`
Added 3 2020 CVEs 2021-07-27 19:41:30 -04:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`"product_name": "Avamar Virtual Edition",`
Added 3 2020 CVEs 2021-07-27 19:41:30 -04:00			`"version": {`
			`"version_data": [`
			`{`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`"version_affected": "<",`
Added 3 2020 CVEs 2021-07-27 19:41:30 -04:00			`"version_value": "Avamar 7.5 Virtual Edition for VMware vSphere only"`
			`}`
			`]`
			`}`
			`}`
			`]`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`},`
Added 3 2020 CVEs 2021-07-27 19:41:30 -04:00			`"vendor_name": "Dell"`
			`}`
			`]`
			`}`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-01-03 14:01:42 +00:00			`"description": {`
			`"description_data": [`
			`{`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`"lang": "eng",`
			`"value": "Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system."`
Added 3 2020 CVEs 2021-07-27 19:41:30 -04:00			`}`
			`]`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`},`
Added 3 2020 CVEs 2021-07-27 19:41:30 -04:00			`"impact": {`
			`"cvss": {`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`"baseScore": 9.8,`
			`"baseSeverity": "Critical",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",`
Added 3 2020 CVEs 2021-07-27 19:41:30 -04:00			`"version": "3.1"`
			`}`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`},`
Added 3 2020 CVEs 2021-07-27 19:41:30 -04:00			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`"lang": "eng",`
Added 3 2020 CVEs 2021-07-27 19:41:30 -04:00			`"value": "CWE-502: Deserialization of Untrusted Data"`
			`}`
			`]`
			`}`
			`]`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`},`
Added 3 2020 CVEs 2021-07-27 19:41:30 -04:00			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2021-07-30 14:10:42 +00:00			`"refsource": "MISC",`
			`"url": "https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability",`
			`"name": "https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability"`
"-Synchronized-Data." 2020-01-03 14:01:42 +00:00			`}`
			`]`
			`}`
			`}`