CVE-2018-11077

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

Published: Nov 26, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-11077
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
dell / emc_integrated_data_protection_appliance	2.0	2.0.x
dell / emc_integrated_data_protection_appliance	2.1	2.1.x
dell / emc_avamar	7.3.1	7.3.1.x
dell / emc_avamar	7.4.1	7.4.1.x
dell / emc_avamar	7.5.0	7.5.0.x
dell / emc_integrated_data_protection_appliance	2.2	2.2.x
dell / emc_avamar	18.1	18.1.x
dell / emc_avamar	7.5.1	7.5.1.x
dell / emc_avamar	7.4.0	7.4.0.x
dell / emc_avamar	7.3.0	7.3.0.x
dell / emc_avamar	7.2.0	7.2.0.x
dell / emc_avamar	7.2.1	7.2.1.x
vmware / vsphere_data_protection	6.1.0	6.1.0.x
vmware / vsphere_data_protection	6.0.3	6.0.3.x
vmware / vsphere_data_protection	6.0.1	6.0.1.x
vmware / vsphere_data_protection	6.1.3	6.1.3.x
vmware / vsphere_data_protection	6.1.1	6.1.1.x
vmware / vsphere_data_protection	6.0.0	6.0.0.x
vmware / vsphere_data_protection	6.0.4	6.0.4.x
vmware / vsphere_data_protection	6.1.2	6.1.2.x
vmware / vsphere_data_protection	6.0.2	6.0.2.x
vmware / vsphere_data_protection	6.0.5	6.0.5.x
vmware / vsphere_data_protection	6.0.6	6.0.6.x
vmware / vsphere_data_protection	6.0.7	6.0.7.x
vmware / vsphere_data_protection	6.0.8	6.0.8.x
vmware / vsphere_data_protection	6.1.4	6.1.4.x
vmware / vsphere_data_protection	6.1.5	6.1.5.x
vmware / vsphere_data_protection	6.1.6	6.1.6.x
vmware / vsphere_data_protection	6.1.7	6.1.7.x
vmware / vsphere_data_protection	6.1.8	6.1.8.x
vmware / vsphere_data_protection	6.1.9	6.1.9.x

Vulnerability Database

322,573

CVE-2018-11077

Deep Security Visibility Without the Complexity