VYPR

PowerProtect Data Manager Reporting

by Dell

CVEs (20)

  • CVE-2025-43888HigSep 10, 2025
    risk 0.57cvss 8.8epss 0.00

    Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

  • CVE-2024-22454HigFeb 13, 2024
    risk 0.57cvss 8.8epss 0.01

    Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with…

  • CVE-2023-28062HigApr 11, 2023
    risk 0.57cvss 8.8epss 0.01

    Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions.

  • CVE-2025-43884HigSep 10, 2025
    risk 0.53cvss 8.2epss 0.00

    Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability,…

  • CVE-2025-43885HigSep 10, 2025
    risk 0.51cvss 7.8epss 0.01

    Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,…

  • CVE-2025-43725HigSep 10, 2025
    risk 0.51cvss 7.8epss 0.00

    Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

  • CVE-2025-23375HigApr 28, 2025
    risk 0.51cvss 7.8epss 0.00

    Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

  • CVE-2020-5356HigJul 6, 2020
    risk 0.50cvss 7.7epss 0.01

    Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.

  • CVE-2024-22445HigFeb 13, 2024
    risk 0.47cvss 7.2epss 0.01

    Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS,…

  • CVE-2025-43887HigSep 10, 2025
    risk 0.46cvss 7.0epss 0.00

    Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

  • CVE-2025-30480MedJul 30, 2025
    risk 0.42cvss 6.5epss 0.00

    Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.

  • CVE-2024-25971MedMar 28, 2024
    risk 0.36cvss 5.5epss 0.01

    Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.

  • CVE-2025-43938MedSep 10, 2025
    risk 0.33cvss 5.0epss 0.00

    Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The…

  • CVE-2025-43886MedSep 10, 2025
    risk 0.29cvss 4.4epss 0.00

    Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

  • CVE-2025-23377MedApr 28, 2025
    risk 0.27cvss 4.2epss 0.00

    Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting…

  • CVE-2025-23376LowApr 28, 2025
    risk 0.15cvss 2.3epss 0.00

    Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to…

  • CVE-2026-22267Feb 19, 2026
    risk 0.00cvss epss 0.00

    Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

  • CVE-2026-22268Feb 19, 2026
    risk 0.00cvss epss 0.00

    Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.

  • CVE-2026-22266Feb 19, 2026
    risk 0.00cvss epss 0.00

    Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection…

  • CVE-2026-22269Feb 19, 2026
    risk 0.00cvss epss 0.00

    Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection…