The vulnerabilities affect Dell EMC's Avamar Server, NetWorker Virtual Edition, and Integrated Data Protection Appliance. Users should apply patches now. Credit: Thinkstock Researchers have discovered several vulnerabilities in Dell EMC’s data protection products that would allow an attacker to gain full control of the system. Fortunately, a fix is available now for download. The vulnerabilities, three in all, were disclosed on Jan. 4 by the security technology and services firm Digital Defense. They effect Dell EMC’s Avamar Server, NetWorker Virtual Edition, and Integrated Data Protection Appliance, which use a common component called Avamar Installation Manager. This is the problematic app. In addition to this, a related problem in the VMware vSphere Data Protection backup product has also been uncovered, but it has already been patched. How attackers could exploit the vulnerabilities Through the vulnerabilities in user authentication, attackers could obtain information stored inside the appliances, such as server data. “The authentication bypass can be combined with the other two vulnerabilities to fully compromise the virtual appliance,” Digital Defense said in a blog post announcing the problem. Digital Defense worked with Dell EMC on the problem and held the news until Dell EMC could issue security fixes to address the vulnerabilities, which are now out. These patches should be applied without delay because they are quite serious. Attackers can get at database information without having to break into the actual database server. They can log in to the backup devices instead as administrators and won’t need to know any user names or passwords. Products affected The impacted products are: Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. x, 7.5.0 NetWorker Virtual Edition 0.x, 9.1.x, 9.2.x Integrated Data Protection Appliance 2.0 While this has shades of the Meltdown flaw affecting CPUs, the two are entirely unrelated. It’s just a coincidental resemblance in that both allow for reading of contents on a device. Related content news analysis Western Digital keeps HDDs relevant with major capacity boost Western Digital and rival Seagate are finding new ways to pack data onto disk platters, keeping them relevant in the age of solid-state drives (SSD). By Andy Patrizio Dec 06, 2023 4 mins Enterprise Storage Data Center news Omdia: AI boosts server spending but unit sales still plunge A rush to build AI capacity using expensive coprocessors is jacking up the prices of servers, says research firm Omdia. By Andy Patrizio Dec 04, 2023 4 mins CPUs and Processors Generative AI Data Center news AWS and Nvidia partner on Project Ceiba, a GPU-powered AI supercomputer The companies are extending their AI partnership, and one key initiative is a supercomputer that will be integrated with AWS services and used by Nvidia’s own R&D teams. By Andy Patrizio Nov 30, 2023 3 mins CPUs and Processors Generative AI Supercomputers news VMware stung by defections and layoffs after Broadcom close Layoffs and executive departures are expected after an acquisition, but there's also concern about VMware customer retention. By Andy Patrizio Nov 30, 2023 3 mins Virtualization Data Center Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe