{"api_version":"1","generated_at":"2026-04-23T06:20:06+00:00","cve":"CVE-2021-36317","urls":{"html":"https://cve.report/CVE-2021-36317","api":"https://cve.report/api/cve/CVE-2021-36317.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-36317","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-36317"},"summary":{"title":"CVE-2021-36317","description":"Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.","state":"PUBLIC","assigner":"secure@dell.com","published_at":"2021-12-21 17:15:00","updated_at":"2022-11-07 18:59:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/202210-09","name":"GLSA-202210-09","refsource":"GENTOO","tags":[],"title":"Rust: Multiple Vulnerabilities (GLSA 202210-09) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.dell.com/support/kbdoc/000193369","name":"N/A","refsource":"CONFIRM","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-36317","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36317","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"36317","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dell","cpe5":"emc_avamar_server","cpe6":"19.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"36317","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dell","cpe5":"emc_powerprotect_data_protection_appliance","cpe6":"2.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-36317","qid":"710640","title":"Gentoo Linux Rust Multiple Vulnerabilities (GLSA 202210-09)"},{"cve":"CVE-2021-36317","qid":"730316","title":"Dell Avamar and NetWorker Multiple Security Vulnerabilities (DSA-2021-141)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2021-11-09","ID":"CVE-2021-36317","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Avamar","version":{"version_data":[{"version_affected":"=","version_value":"19.4"}]}}]},"vendor_name":"Dell"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."}]},"impact":{"cvss":{"baseScore":6.7,"baseSeverity":"Medium","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-256: Unprotected Storage of Credentials"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://www.dell.com/support/kbdoc/000193369","name":"https://www.dell.com/support/kbdoc/000193369"},{"refsource":"GENTOO","name":"GLSA-202210-09","url":"https://security.gentoo.org/glsa/202210-09"}]}},"nvd":{"publishedDate":"2021-12-21 17:15:00","lastModifiedDate":"2022-11-07 18:59:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dell:emc_avamar_server:19.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dell:emc_powerprotect_data_protection_appliance:2.7:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"36317","Ordinal":"211861","Title":"CVE-2021-36317","CVE":"CVE-2021-36317","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"36317","Ordinal":"1","NoteData":"Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"36317","Ordinal":"2","NoteData":"2021-12-21","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"36317","Ordinal":"3","NoteData":"2021-12-21","Type":"Other","Title":"Modified"}]}}}