PowerProtect Data Manager
by Dell
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25971 | 0.00 | — | 0.00 | Mar 28, 2024 | Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. | |||
| CVE-2024-22445 | 0.00 | — | 0.00 | Feb 13, 2024 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS,… | |||
| CVE-2024-22454 | 0.00 | — | 0.01 | Feb 13, 2024 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with… | |||
| CVE-2023-44302 | 0.00 | — | 0.05 | Dec 4, 2023 | Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code. | |||
| CVE-2023-44301 | 0.00 | — | 0.00 | Dec 4, 2023 | Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the… | |||
| CVE-2023-44300 | 0.00 | — | 0.00 | Dec 4, 2023 | Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed… | |||
| CVE-2023-44306 | 0.00 | — | 0.02 | Dec 4, 2023 | Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem. | |||
| CVE-2023-44305 | 0.00 | — | 0.05 | Dec 4, 2023 | Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data. | |||
| CVE-2023-44304 | 0.00 | — | 0.02 | Dec 4, 2023 | Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance. | |||
| CVE-2023-44291 | 0.00 | — | 0.03 | Dec 4, 2023 | Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the… | |||
| CVE-2023-28062 | 0.00 | — | 0.00 | Apr 11, 2023 | Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions. | |||
| CVE-2020-5356 | 0.00 | — | 0.00 | Jul 6, 2020 | Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. |
- CVE-2024-25971Mar 28, 2024risk 0.00cvss —epss 0.00
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.
- CVE-2024-22445Feb 13, 2024risk 0.00cvss —epss 0.00
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS,…
- CVE-2024-22454Feb 13, 2024risk 0.00cvss —epss 0.01
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with…
- CVE-2023-44302Dec 4, 2023risk 0.00cvss —epss 0.05
Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.
- CVE-2023-44301Dec 4, 2023risk 0.00cvss —epss 0.00
Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the…
- CVE-2023-44300Dec 4, 2023risk 0.00cvss —epss 0.00
Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed…
- CVE-2023-44306Dec 4, 2023risk 0.00cvss —epss 0.02
Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem.
- CVE-2023-44305Dec 4, 2023risk 0.00cvss —epss 0.05
Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
- CVE-2023-44304Dec 4, 2023risk 0.00cvss —epss 0.02
Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance.
- CVE-2023-44291Dec 4, 2023risk 0.00cvss —epss 0.03
Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the…
- CVE-2023-28062Apr 11, 2023risk 0.00cvss —epss 0.00
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions.
- CVE-2020-5356Jul 6, 2020risk 0.00cvss —epss 0.00
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.