Researchers have discovered several vulnerabilities in Dell EMC's data protection products that would allow an attacker to gain full control of the system. Fortunately, a fix is available now for download.\nThe vulnerabilities, three in all, were disclosed on Jan. 4 by the security technology and services firm Digital Defense. They effect Dell EMC's Avamar Server, NetWorker Virtual Edition, and Integrated Data Protection Appliance, which use a common component called Avamar Installation Manager. This is the problematic app.\nIn addition to this, a related problem in the VMware vSphere Data Protection backup product has also been uncovered, but it has already been patched.\nHow attackers could exploit the vulnerabilities\nThrough the vulnerabilities in user authentication, attackers could obtain information stored inside the appliances, such as server data.\n"The authentication bypass can be combined with the other two vulnerabilities to fully compromise the virtual appliance," Digital Defense said in a blog post announcing the problem.\nDigital Defense worked with Dell EMC on the problem and held the news until Dell EMC could issue security fixes to address the vulnerabilities, which are now out.\nThese patches should be applied without delay because they are quite serious. Attackers can get at database information without having to break into the actual database server. They can log in to the backup devices instead as administrators and won\u2019t need to know any user names or passwords.\nProducts affected\nThe impacted products are:\n\nAvamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. x, 7.5.0\nNetWorker Virtual Edition 0.x, 9.1.x, 9.2.x\nIntegrated Data Protection Appliance 2.0\n\nWhile this has shades of the Meltdown flaw affecting CPUs, the two are entirely unrelated. It\u2019s just a coincidental resemblance in that both allow for reading of contents on a device.