PowerProtect Data Manager Reporting
by Dell
CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-43888 | Hig | 0.57 | 8.8 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | ||
| CVE-2024-22454 | Hig | 0.57 | 8.8 | 0.01 | Feb 13, 2024 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with… | ||
| CVE-2023-28062 | Hig | 0.57 | 8.8 | 0.01 | Apr 11, 2023 | Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions. | ||
| CVE-2025-43884 | Hig | 0.53 | 8.2 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability,… | ||
| CVE-2025-43885 | Hig | 0.51 | 7.8 | 0.01 | Sep 10, 2025 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,… | ||
| CVE-2025-43725 | Hig | 0.51 | 7.8 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||
| CVE-2025-23375 | Hig | 0.51 | 7.8 | 0.00 | Apr 28, 2025 | Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||
| CVE-2020-5356 | Hig | 0.50 | 7.7 | 0.01 | Jul 6, 2020 | Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. | ||
| CVE-2024-22445 | Hig | 0.47 | 7.2 | 0.01 | Feb 13, 2024 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS,… | ||
| CVE-2025-43887 | Hig | 0.46 | 7.0 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||
| CVE-2025-30480 | Med | 0.42 | 6.5 | 0.00 | Jul 30, 2025 | Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files. | ||
| CVE-2024-25971 | Med | 0.36 | 5.5 | 0.01 | Mar 28, 2024 | Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. | ||
| CVE-2025-43938 | Med | 0.33 | 5.0 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The… | ||
| CVE-2025-43886 | Med | 0.29 | 4.4 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | ||
| CVE-2025-23377 | Med | 0.27 | 4.2 | 0.00 | Apr 28, 2025 | Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting… | ||
| CVE-2025-23376 | Low | 0.15 | 2.3 | 0.00 | Apr 28, 2025 | Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to… | ||
| CVE-2026-22267 | 0.00 | — | 0.00 | Feb 19, 2026 | Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||
| CVE-2026-22268 | 0.00 | — | 0.00 | Feb 19, 2026 | Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection. | |||
| CVE-2026-22266 | 0.00 | — | 0.00 | Feb 19, 2026 | Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection… | |||
| CVE-2026-22269 | 0.00 | — | 0.00 | Feb 19, 2026 | Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection… |
- risk 0.57cvss 8.8epss 0.00
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
- risk 0.57cvss 8.8epss 0.01
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with…
- risk 0.57cvss 8.8epss 0.01
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions.
- risk 0.53cvss 8.2epss 0.00
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability,…
- risk 0.51cvss 7.8epss 0.01
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,…
- risk 0.51cvss 7.8epss 0.00
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- risk 0.51cvss 7.8epss 0.00
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
- risk 0.50cvss 7.7epss 0.01
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.
- risk 0.47cvss 7.2epss 0.01
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS,…
- risk 0.46cvss 7.0epss 0.00
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
- risk 0.42cvss 6.5epss 0.00
Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.
- risk 0.36cvss 5.5epss 0.01
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.
- risk 0.33cvss 5.0epss 0.00
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The…
- risk 0.29cvss 4.4epss 0.00
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
- risk 0.27cvss 4.2epss 0.00
Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting…
- risk 0.15cvss 2.3epss 0.00
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to…
- CVE-2026-22267Feb 19, 2026risk 0.00cvss —epss 0.00
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
- CVE-2026-22268Feb 19, 2026risk 0.00cvss —epss 0.00
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.
- CVE-2026-22266Feb 19, 2026risk 0.00cvss —epss 0.00
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection…
- CVE-2026-22269Feb 19, 2026risk 0.00cvss —epss 0.00
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection…