Powerprotect Data Manager
by Dell
CVEs (21)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-43888 | Hig | 0.57 | 8.8 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | ||
| CVE-2024-22454 | Hig | 0.57 | 8.8 | 0.01 | Feb 13, 2024 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with… | ||
| CVE-2023-44304 | Hig | 0.57 | 8.8 | 0.01 | Dec 4, 2023 | Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance. | ||
| CVE-2023-28062 | Hig | 0.57 | 8.8 | 0.01 | Apr 11, 2023 | Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions. | ||
| CVE-2025-43884 | Hig | 0.53 | 8.2 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability,… | ||
| CVE-2023-44305 | Hig | 0.53 | 8.1 | 0.01 | Dec 4, 2023 | Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data. | ||
| CVE-2023-44302 | Hig | 0.53 | 8.1 | 0.01 | Dec 4, 2023 | Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code. | ||
| CVE-2025-43885 | Hig | 0.51 | 7.8 | 0.01 | Sep 10, 2025 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,… | ||
| CVE-2025-43725 | Hig | 0.51 | 7.8 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||
| CVE-2020-5356 | Hig | 0.50 | 7.7 | 0.01 | Jul 6, 2020 | Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. | ||
| CVE-2024-22445 | Hig | 0.47 | 7.2 | 0.01 | Feb 13, 2024 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS,… | ||
| CVE-2023-44291 | Hig | 0.47 | 7.2 | 0.02 | Dec 4, 2023 | Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the… | ||
| CVE-2025-43887 | Hig | 0.46 | 7.0 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||
| CVE-2025-30480 | Med | 0.42 | 6.5 | 0.00 | Jul 30, 2025 | Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files. | ||
| CVE-2023-44306 | Med | 0.42 | 6.5 | 0.01 | Dec 4, 2023 | Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem. | ||
| CVE-2024-25971 | Med | 0.36 | 5.5 | 0.01 | Mar 28, 2024 | Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. | ||
| CVE-2023-44300 | Med | 0.36 | 5.5 | 0.00 | Dec 4, 2023 | Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed… | ||
| CVE-2023-44301 | Med | 0.35 | 5.4 | 0.00 | Dec 4, 2023 | Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the… | ||
| CVE-2025-43938 | Med | 0.33 | 5.0 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The… | ||
| CVE-2025-43886 | Med | 0.29 | 4.4 | 0.00 | Sep 10, 2025 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. |
- risk 0.57cvss 8.8epss 0.00
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
- risk 0.57cvss 8.8epss 0.01
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with…
- risk 0.57cvss 8.8epss 0.01
Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance.
- risk 0.57cvss 8.8epss 0.01
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions.
- risk 0.53cvss 8.2epss 0.00
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability,…
- risk 0.53cvss 8.1epss 0.01
Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
- risk 0.53cvss 8.1epss 0.01
Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.
- risk 0.51cvss 7.8epss 0.01
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,…
- risk 0.51cvss 7.8epss 0.00
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- risk 0.50cvss 7.7epss 0.01
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.
- risk 0.47cvss 7.2epss 0.01
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS,…
- risk 0.47cvss 7.2epss 0.02
Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the…
- risk 0.46cvss 7.0epss 0.00
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
- risk 0.42cvss 6.5epss 0.00
Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.
- risk 0.42cvss 6.5epss 0.01
Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem.
- risk 0.36cvss 5.5epss 0.01
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.
- risk 0.36cvss 5.5epss 0.00
Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed…
- risk 0.35cvss 5.4epss 0.00
Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the…
- risk 0.33cvss 5.0epss 0.00
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The…
- risk 0.29cvss 4.4epss 0.00
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
Page 1 of 2