Vulnerabilities related to dell - data_domain_operating_system
Vulnerability from fkie_nvd
Published
2025-02-01 05:15
Modified
2025-02-07 20:29
Severity
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.
References
Impacted products
Vendor | Product | Version
---|---|---
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "6D56B479-FD54-438E-BDC2-FE21FCB7F647", versionEndExcluding: "7.10.1.50", versionStartIncluding: "7.10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "44959F58-CC82-4D06-9BF5-D92A566981D4", versionEndExcluding: "7.13.1.20", versionStartIncluding: "7.13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "B7A07BCC-040A-47FF-9727-F53C1338279B", versionEndExcluding: "8.3.0.0", versionStartIncluding: "7.14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.", }, { lang: "es", value: "Las versiones de Dell PowerProtect DD anteriores a 8.3.0.0, 7.10.1.50 y 7.13.1.20 contienen una vulnerabilidad de control de acceso inadecuado. 
Un usuario malintencionado local con privilegios bajos podría aprovechar esta vulnerabilidad y provocar una escalada de privilegios.", }, ], id: "CVE-2024-53295", lastModified: "2025-02-07T20:29:07.407", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-01T05:15:10.847", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-1220", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-01 04:15
Modified
2025-02-07 19:54
Severity
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
References
Impacted products
Vendor | Product | Version
---|---|---
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "6D56B479-FD54-438E-BDC2-FE21FCB7F647", versionEndExcluding: "7.10.1.50", versionStartIncluding: "7.10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "44959F58-CC82-4D06-9BF5-D92A566981D4", versionEndExcluding: "7.13.1.20", versionStartIncluding: "7.13.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.", }, { lang: "es", value: "Las versiones de Dell PowerProtect DD anteriores a 7.10.1.50 y 7.13.1.20 contienen una vulnerabilidad de desbordamiento de búfer basado en pila en RestAPI. 
Un atacante con privilegios elevados y acceso remoto podría aprovechar esta vulnerabilidad, lo que provocaría una denegación de servicio.", }, ], id: "CVE-2024-53296", lastModified: "2025-02-07T19:54:50.490", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-01T04:15:31.293", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-26 04:15
Modified
2024-11-21 09:23
Severity
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
References
Impacted products
Vendor | Product | Version
---|---|---
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C6A0B6C8-491A-46F2-A330-15000DE501BA", versionEndExcluding: "7.7.5.40", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "28F4339F-F4B0-479A-B300-ADB987171B31", versionEndExcluding: "7.10.1.30", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "8EF3066F-F378-4AA6-B50C-B33C22C57492", versionEndExcluding: "7.13.1.0", versionStartIncluding: "7.11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.", }, { lang: "es", value: "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de redireccionamiento abierto. 
Un atacante remoto con pocos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la divulgación de información.", }, ], id: "CVE-2024-37141", lastModified: "2024-11-21T09:23:17.330", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-26T04:15:13.940", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "security_alert@emc.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-26 03:15
Modified
2024-11-21 09:07
Severity
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain a weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a man-in-the-middle attack that exposes sensitive session information.
References
Impacted products
Vendor | Product | Version
---|---|---
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C6A0B6C8-491A-46F2-A330-15000DE501BA", versionEndExcluding: "7.7.5.40", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "28F4339F-F4B0-479A-B300-ADB987171B31", versionEndExcluding: "7.10.1.30", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "8EF3066F-F378-4AA6-B50C-B33C22C57492", versionEndExcluding: "7.13.1.0", versionStartIncluding: "7.11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information.", }, { lang: "es", value: "Dell PowerProtect Data Domain, versiones anteriores a 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contienen una vulnerabilidad de algoritmo criptográfico débil. 
Un atacante remoto no autenticado podría explotar esta vulnerabilidad, lo que provocaría un ataque de intermediario que exponga información confidencial de la sesión.", }, ], id: "CVE-2024-29175", lastModified: "2024-11-21T09:07:43.653", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-26T03:15:10.303", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-08 03:15
Modified
2024-11-26 19:26
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.
References
Impacted products
Vendor | Product | Version
---|---|---
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "F67B432D-426C-4155-B365-A08CE8AD29AC", versionEndExcluding: "7.7.5.50", versionStartIncluding: "7.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "581408C7-9067-41F9-AA9C-E58ECA0EE006", versionEndExcluding: "7.10.1.40", versionStartIncluding: "7.10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "D65074E3-083E-4010-8E66-2A256155311A", versionEndExcluding: "7.13.1.10", versionStartIncluding: "7.13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "45B0DE69-722F-4180-B4A7-24D002B3035C", versionEndExcluding: "8.1.0.0", versionStartIncluding: "8.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.", }, { lang: "es", value: "Dell PowerProtect DD, versiones anteriores a 8.1.0.0, 7.13.1.10, 7.10.1.40 y 7.7.5.50, contiene una vulnerabilidad de control de acceso. 
Un atacante remoto con privilegios elevados podría aprovechar esta vulnerabilidad, lo que provocaría una escalada de privilegios en la aplicación.", }, ], id: "CVE-2024-48010", lastModified: "2024-11-26T19:26:13.733", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.2, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-11-08T03:15:03.933", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-08 03:15
Modified
2024-11-26 02:12
Severity
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
References
Impacted products
Vendor | Product | Version
---|---|---
dell | data_domain_operating_system | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "5DCE3E13-DD55-4471-8440-FB4612E92F31", versionEndExcluding: "7.7.5.50", versionStartIncluding: "7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.", }, { lang: "es", value: "Dell PowerProtect DD, versiones anteriores a 7.7.5.50, contiene una vulnerabilidad de exposición de información confidencial a un agente no autorizado. Un atacante con pocos privilegios y acceso remoto podría aprovechar esta vulnerabilidad, lo que provocaría la divulgación de información.", }, ], id: "CVE-2024-48011", lastModified: "2024-11-26T02:12:04.277", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-11-08T03:15:04.160", references: [ { source: "security_alert@emc.com", 
tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-01 04:15
Modified
2025-02-07 19:58
Severity
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged user could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.
References
Impacted products
Vendor | Product | Version
---|---|---
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "6D56B479-FD54-438E-BDC2-FE21FCB7F647", versionEndExcluding: "7.10.1.50", versionStartIncluding: "7.10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "44959F58-CC82-4D06-9BF5-D92A566981D4", versionEndExcluding: "7.13.1.20", versionStartIncluding: "7.13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "B7A07BCC-040A-47FF-9727-F53C1338279B", versionEndExcluding: "8.3.0.0", versionStartIncluding: "7.14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.", }, { lang: "es", value: "Las versiones de Dell PowerProtect DD anteriores a DDOS 8.3.0.0, 7.10.1.50 y 7.13.1.20 contienen una vulnerabilidad Path Traversal. Un usuario local con pocos privilegios podría aprovechar esta vulnerabilidad para obtener una sobrescritura no autorizada de los archivos del sistema operativo almacenados en el sistema de archivos del servidor. 
La explotación podría provocar una denegación de servicio.", }, ], id: "CVE-2024-51534", lastModified: "2025-02-07T19:58:25.567", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-01T04:15:31.150", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-29", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-26 04:15
Modified
2024-11-21 09:23
Severity
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.
References
Impacted products
Vendor | Product | Version
---|---|---
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C6A0B6C8-491A-46F2-A330-15000DE501BA", versionEndExcluding: "7.7.5.40", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "28F4339F-F4B0-479A-B300-ADB987171B31", versionEndExcluding: "7.10.1.30", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "8EF3066F-F378-4AA6-B50C-B33C22C57492", versionEndExcluding: "7.13.1.0", versionStartIncluding: "7.11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.", }, { lang: "es", value: "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 en DDMC contienen una vulnerabilidad de Path Traversal relativo. 
Un atacante remoto con altos privilegios podría explotar esta vulnerabilidad, lo que provocaría que la aplicación envíe un archivo no autorizado al sistema administrado.", }, ], id: "CVE-2024-37138", lastModified: "2024-11-21T09:23:16.880", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 1.4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-26T04:15:13.000", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-23", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-04 03:15
Modified
2025-02-07 20:42
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.
References
Impacted products
Vendor | Product | Version
---|---|---
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
dell | data_domain_operating_system | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "6D56B479-FD54-438E-BDC2-FE21FCB7F647", versionEndExcluding: "7.10.1.50", versionStartIncluding: "7.10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "093E02B4-4C31-4A87-9A92-6CA109458566", versionEndExcluding: "7.13.1.10", versionStartIncluding: "7.13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "B7A07BCC-040A-47FF-9727-F53C1338279B", versionEndExcluding: "8.3.0.0", versionStartIncluding: "7.14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.", }, { lang: "es", value: "Dell PowerProtect DD, versiones anteriores a DDOS 8.3.0.0, 7.10.1.50 y 7.13.1.10 contienen una vulnerabilidad de implementación riesgosa con uso de primitiva criptográfica. 
Un atacante remoto podría aprovechar esta vulnerabilidad, lo que provocaría la manipulación de la información.", }, ], id: "CVE-2025-22475", lastModified: "2025-02-07T20:42:39.800", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-04T03:15:07.240", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-1240", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-26 03:15
Modified
2025-02-03 14:59
Severity
5.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "51B3D8A3-950B-4D4E-9E4D-7D1ADE791C93", versionEndIncluding: "7.13", versionStartIncluding: "7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:*", matchCriteriaId: "AA4D9616-4482-4173-9507-6B8EC15F3521", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:*", matchCriteriaId: "4A81372F-E8DC-49AB-AC12-700F76D4C2C6", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:*", matchCriteriaId: "5525030D-2AA9-4AB6-8B15-D09214C1834E", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:*", matchCriteriaId: "4C08E46D-6795-46DB-BA6C-548D7B8EBFA5", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9410:-:*:*:*:*:*:*:*", matchCriteriaId: "F820D2BB-4773-4B2F-BC50-9474B44DB8F6", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:*", matchCriteriaId: "105F8F20-3EB3-49E7-82BE-3A5742EAA51E", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9910:-:*:*:*:*:*:*:*", matchCriteriaId: "84F58819-777E-43C1-B1EA-FFD7CDF79234", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "D655A40E-7358-4E29-BDC6-8CC2E8BA1D63", versionEndExcluding: "5.16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:dm5500:-:*:*:*:*:*:*:*", matchCriteriaId: "5B15806F-F6F1-4B26-921C-FE7620B3539F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. 
A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery", }, { lang: "es", value: "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de Cross-Site Scripting Almacenado. Un atacante remoto con altos privilegios podría explotar esta vulnerabilidad, lo que llevaría al almacenamiento de códigos HTML o JavaScript maliciosos en un almacén de datos de aplicaciones confiable. Cuando un usuario víctima con altos privilegios accede al almacén de datos a través de sus navegadores, el navegador web ejecuta el código malicioso en el contexto de la aplicación web vulnerable. 
La explotación puede dar lugar a la divulgación de información, el robo de sesiones o la falsificación de solicitudes por parte del cliente.", }, ], id: "CVE-2024-28973", lastModified: "2025-02-03T14:59:08.020", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 3.7, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-26T03:15:09.640", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security_alert@emc.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-26 03:15
Modified
2024-11-21 09:07
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * | |
dell | apex_protection_storage | - | |
dell | apex_protection_storage | - | |
dell | dd3300 | - | |
dell | dd6400 | - | |
dell | dd6900 | - | |
dell | dd9400 | - | |
dell | dd9410 | - | |
dell | dd9900 | - | |
dell | dd9910 | - | |
dell | data_domain_operating_system | * | |
dell | dm5500 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "6BD07CAF-9671-475C-810D-1BFBFA881E09", versionEndExcluding: "7.7.5.40", versionStartIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "28F4339F-F4B0-479A-B300-ADB987171B31", versionEndExcluding: "7.10.1.30", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "8EF3066F-F378-4AA6-B50C-B33C22C57492", versionEndExcluding: "7.13.1.0", versionStartIncluding: "7.11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:dell:apex_protection_storage:-:*:*:*:in-cloud:*:*:*", matchCriteriaId: "83DBF4F3-791C-48A2-B37E-6B3F6177B470", vulnerable: false, }, { criteria: "cpe:2.3:a:dell:apex_protection_storage:-:*:*:*:on-premises:*:*:*", matchCriteriaId: "D007B2BB-082B-4D33-A6A1-77714341C75C", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:*", matchCriteriaId: "AA4D9616-4482-4173-9507-6B8EC15F3521", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:*", matchCriteriaId: "4A81372F-E8DC-49AB-AC12-700F76D4C2C6", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:*", matchCriteriaId: "5525030D-2AA9-4AB6-8B15-D09214C1834E", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:*", matchCriteriaId: "4C08E46D-6795-46DB-BA6C-548D7B8EBFA5", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9410:-:*:*:*:*:*:*:*", matchCriteriaId: "F820D2BB-4773-4B2F-BC50-9474B44DB8F6", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:*", matchCriteriaId: "105F8F20-3EB3-49E7-82BE-3A5742EAA51E", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9910:-:*:*:*:*:*:*:*", matchCriteriaId: "84F58819-777E-43C1-B1EA-FFD7CDF79234", vulnerable: false, }, ], 
negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "D655A40E-7358-4E29-BDC6-8CC2E8BA1D63", versionEndExcluding: "5.16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:dm5500:-:*:*:*:*:*:*:*", matchCriteriaId: "5B15806F-F6F1-4B26-921C-FE7620B3539F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.", }, { lang: "es", value: "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de desbordamiento del búfer. Un atacante remoto con pocos privilegios podría explotar esta vulnerabilidad, lo que provocaría un bloqueo de la aplicación o la ejecución de código arbitrario en el sistema operativo subyacente de la aplicación vulnerable con los privilegios de la aplicación vulnerable.", }, ], id: "CVE-2024-29176", lastModified: "2024-11-21T09:07:43.800", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: 
"LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-26T03:15:10.533", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security_alert@emc.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-26 03:15
Modified
2025-02-03 15:08
Severity
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "51B3D8A3-950B-4D4E-9E4D-7D1ADE791C93", versionEndIncluding: "7.13", versionStartIncluding: "7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:dell:apex_protection_storage:-:*:*:*:in-cloud:*:*:*", matchCriteriaId: "83DBF4F3-791C-48A2-B37E-6B3F6177B470", vulnerable: false, }, { criteria: "cpe:2.3:a:dell:apex_protection_storage:-:*:*:*:on-premises:*:*:*", matchCriteriaId: "D007B2BB-082B-4D33-A6A1-77714341C75C", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:*", matchCriteriaId: "AA4D9616-4482-4173-9507-6B8EC15F3521", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:*", matchCriteriaId: "4A81372F-E8DC-49AB-AC12-700F76D4C2C6", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:*", matchCriteriaId: "5525030D-2AA9-4AB6-8B15-D09214C1834E", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:*", matchCriteriaId: "4C08E46D-6795-46DB-BA6C-548D7B8EBFA5", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9410:-:*:*:*:*:*:*:*", matchCriteriaId: "F820D2BB-4773-4B2F-BC50-9474B44DB8F6", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:*", matchCriteriaId: "105F8F20-3EB3-49E7-82BE-3A5742EAA51E", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:dd9910:-:*:*:*:*:*:*:*", matchCriteriaId: "84F58819-777E-43C1-B1EA-FFD7CDF79234", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "D655A40E-7358-4E29-BDC6-8CC2E8BA1D63", versionEndExcluding: "5.16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:dm5500:-:*:*:*:*:*:*:*", matchCriteriaId: "5B15806F-F6F1-4B26-921C-FE7620B3539F", vulnerable: false, 
}, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.", }, { lang: "es", value: "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de Server Side Request Forgery (SSRF). Un atacante remoto con altos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la divulgación de información sobre la aplicación o el cliente remoto.", }, ], id: "CVE-2024-29173", lastModified: "2025-02-03T15:08:59.513", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-26T03:15:09.877", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: 
"https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "security_alert@emc.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-26 03:15
Modified
2024-11-21 09:07
Severity
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C6A0B6C8-491A-46F2-A330-15000DE501BA", versionEndExcluding: "7.7.5.40", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "28F4339F-F4B0-479A-B300-ADB987171B31", versionEndExcluding: "7.10.1.30", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "8EF3066F-F378-4AA6-B50C-B33C22C57492", versionEndExcluding: "7.13.1.0", versionStartIncluding: "7.11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.", }, { lang: "es", value: "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una divulgación de vulnerabilidad de información confidencial temporal. 
Un atacante remoto con privilegios elevados podría explotar esta vulnerabilidad, lo que llevaría a la reutilización de la información divulgada para obtener acceso no autorizado al informe de la aplicación.", }, ], id: "CVE-2024-29177", lastModified: "2024-11-21T09:07:43.943", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-26T03:15:10.767", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "security_alert@emc.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-26 04:15
Modified
2024-11-21 09:23
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C6A0B6C8-491A-46F2-A330-15000DE501BA", versionEndExcluding: "7.7.5.40", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "28F4339F-F4B0-479A-B300-ADB987171B31", versionEndExcluding: "7.10.1.30", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "8EF3066F-F378-4AA6-B50C-B33C22C57492", versionEndExcluding: "7.13.1.0", versionStartIncluding: "7.11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.", }, { lang: "es", value: "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de inyección de comandos del sistema operativo en una operación de administración. Un atacante remoto con pocos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la ejecución de comandos arbitrarios del sistema operativo en el sistema operativo subyacente de la aplicación del sistema con los privilegios de la aplicación vulnerable. 
La explotación puede llevar a que un atacante se apodere del sistema.", }, ], id: "CVE-2024-37140", lastModified: "2024-11-21T09:23:17.183", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-26T04:15:13.667", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "security_alert@emc.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-08 03:15
Modified
2024-11-26 02:10
Severity
6.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Summary
Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "1E86CC1B-4C24-46D7-BC2D-F42E47A13E66", versionEndExcluding: "7.7.5.50", versionStartIncluding: "7.7.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "581408C7-9067-41F9-AA9C-E58ECA0EE006", versionEndExcluding: "7.10.1.40", versionStartIncluding: "7.10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "D65074E3-083E-4010-8E66-2A256155311A", versionEndExcluding: "7.13.1.10", versionStartIncluding: "7.13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "45B0DE69-722F-4180-B4A7-24D002B3035C", versionEndExcluding: "8.1.0.0", versionStartIncluding: "8.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system.", }, { lang: "es", value: "Dell PowerProtect Data Domain, versiones anteriores a 8.1.0.0, 7.13.1.10, 7.10.1.40 y 7.7.5.50, contiene una vulnerabilidad de escalada de privilegios. Un atacante local con pocos privilegios podría aprovechar esta vulnerabilidad, lo que provocaría la ejecución no autorizada de determinados comandos para sobrescribir la configuración del sistema de la aplicación. 
La explotación puede provocar la denegación de servicio del sistema.", }, ], id: "CVE-2024-45759", lastModified: "2024-11-26T02:10:03.923", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 5.5, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-11-08T03:15:03.647", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-26 04:15
Modified
2024-11-21 09:23
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C6A0B6C8-491A-46F2-A330-15000DE501BA", versionEndExcluding: "7.7.5.40", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "28F4339F-F4B0-479A-B300-ADB987171B31", versionEndExcluding: "7.10.1.30", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "8EF3066F-F378-4AA6-B50C-B33C22C57492", versionEndExcluding: "7.13.1.0", versionStartIncluding: "7.11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application.", }, { lang: "es", value: "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de control inadecuado de un recurso durante su vida útil en una operación de administración. Un atacante remoto con pocos privilegios podría explotar esta vulnerabilidad, lo que provocaría una limitación temporal de recursos de la aplicación del sistema. 
La explotación puede dar lugar a la denegación del servicio de la aplicación.", }, ], id: "CVE-2024-37139", lastModified: "2024-11-21T09:23:17.037", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-26T04:15:13.350", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-664", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-26 03:15
Modified
2024-11-21 09:07
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * | |
dell | data_domain_operating_system | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C6A0B6C8-491A-46F2-A330-15000DE501BA", versionEndExcluding: "7.7.5.40", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "28F4339F-F4B0-479A-B300-ADB987171B31", versionEndExcluding: "7.10.1.30", versionStartIncluding: "7.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "8EF3066F-F378-4AA6-B50C-B33C22C57492", versionEndExcluding: "7.13.1.0", versionStartIncluding: "7.11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.", }, { lang: "es", value: "Dell Data Domain, versiones anteriores a 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contienen una vulnerabilidad de inyección SQL. 
Un atacante local con pocos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la ejecución de ciertos comandos SQL en la base de datos backend de la aplicación, lo que provocaría un acceso no autorizado a los datos de la aplicación.", }, ], id: "CVE-2024-29174", lastModified: "2024-11-21T09:07:43.507", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 2.5, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-26T03:15:10.100", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "security_alert@emc.com", type: "Primary", }, ], }
cve-2024-29176
Vulnerability from cvelistv5
Published
2024-06-26 02:37
Modified
2024-10-30 13:29
Summary
Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | PowerProtect DD | Version: 7.0 ≤ 7.13; Version: N/A ≤; Version: N/A ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:dell:powerprotect_dd:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "powerprotect_dd", vendor: "dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThan: "2.7.7", status: "affected", version: "0", versionType: "semver", }, { lessThan: "5.16.0.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-29176", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T15:30:17.062826Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T13:36:36.074Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:10:54.073Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThan: "2.7.7", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "5.16.0.0", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], datePublic: "2024-06-24T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. 
A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.", }, ], value: "Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T13:29:57.031Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-29176", datePublished: "2024-06-26T02:37:54.785Z", dateReserved: "2024-03-18T08:44:18.924Z", dateUpdated: "2024-10-30T13:29:57.031Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48011
Vulnerability from cvelistv5
Published
2024-11-08 02:30
Modified
2024-11-08 15:57
Summary
Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | PowerProtect DD | Version: N/A ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48011", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T15:57:03.582740Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T15:57:13.659Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThan: "7.7.5.50", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], datePublic: "2024-11-06T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.", }, ], value: "Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. 
A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-08T02:30:27.068Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-48011", datePublished: "2024-11-08T02:30:27.068Z", dateReserved: "2024-10-08T05:40:53.868Z", dateUpdated: "2024-11-08T15:57:13.659Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37139
Vulnerability from cvelistv5
Published
2024-06-26 03:38
Modified
2024-08-02 03:50
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | PowerProtect DD | Version: N/A ≤; Version: N/A ≤; Version: 7.0 ≤ 7.13 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37139", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T13:19:16.878748Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T13:19:29.262Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.487Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThan: "5.16.0.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.7.7", status: "affected", version: "N/A", versionType: "semver", }, { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, ], }, ], datePublic: "2024-06-24T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application.", }, ], value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. 
A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-664", description: "CWE-664: Improper Control of a Resource Through its Lifetime", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T03:38:45.473Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-37139", datePublished: "2024-06-26T03:38:45.473Z", dateReserved: "2024-06-03T12:10:32.206Z", dateUpdated: "2024-08-02T03:50:55.487Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-51534
Vulnerability from cvelistv5
Published
2025-02-01 04:02
Modified
2025-02-12 20:41
Summary
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | PowerProtect DD | Version: 7.7.1.0 ≤ 8.1.0.10; Version: 7.7.1.0 ≤ 7.13.1.10; Version: 7.7.1.0 ≤ 7.10.1.40 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-51534", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T15:47:52.328743Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T20:41:39.859Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "8.1.0.10", status: "affected", version: "7.7.1.0", versionType: "semver", }, { lessThanOrEqual: "7.13.1.10", status: "affected", version: "7.7.1.0", versionType: "semver", }, { lessThanOrEqual: "7.10.1.40", status: "affected", version: "7.7.1.0", versionType: "semver", }, ], }, ], datePublic: "2025-01-30T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.<br>", }, ], value: "Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. 
Exploitation could lead to denial of service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-29", description: "CWE-29: Path Traversal: '\\..\\filename'", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-01T04:02:24.954Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-51534", datePublished: "2025-02-01T04:02:24.954Z", dateReserved: "2024-10-29T05:03:58.392Z", dateUpdated: "2025-02-12T20:41:39.859Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29175
Vulnerability from cvelistv5
Published
2024-06-26 03:03
Modified
2024-08-02 01:10
Summary
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain a weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a man-in-the-middle attack that exposes sensitive session information.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | PowerProtect DD | Version: 7.0 ≤ 7.13; Version: N/A ≤; Version: N/A ≤; Version: 7.8 ≤ 7.13 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:dell:powerprotect_dd:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "powerprotect_dd", vendor: "dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThan: "2.7.7", status: "affected", version: "0", versionType: "semver", }, { lessThan: "5.16.0.0", status: "affected", version: "0", versionType: "semver", }, { lessThanOrEqual: "7.13", status: "affected", version: "7.8", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-29175", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T15:11:41.076013Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T15:17:48.750Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:10:54.627Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThan: "2.7.7", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "5.16.0.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThanOrEqual: "7.13", status: "affected", version: "7.8", versionType: "semver", }, ], }, ], datePublic: "2024-06-24T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect Data Domain, 
versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information.", }, ], value: "Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T03:03:06.155Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-29175", datePublished: "2024-06-26T03:03:06.155Z", dateReserved: "2024-03-18T08:44:18.923Z", dateUpdated: "2024-08-02T01:10:54.627Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37140
Vulnerability from cvelistv5
Published
2024-06-26 03:54
Modified
2024-08-02 03:50
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | PowerProtect DD | Version: 7.0 ≤ 7.13; Version: N/A ≤; Version: N/A ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:dell:powerprotect_dd:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "powerprotect_dd", vendor: "dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThan: "2.7.7", status: "affected", version: "0", versionType: "semver", }, { lessThan: "5.16.0.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-37140", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T14:38:33.257609Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T14:49:39.900Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:54.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThan: "2.7.7", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "5.16.0.0", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], datePublic: "2024-06-24T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. 
A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.", }, ], value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T03:54:38.461Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-37140", datePublished: "2024-06-26T03:54:38.461Z", dateReserved: 
"2024-06-03T12:10:32.206Z", dateUpdated: "2024-08-02T03:50:54.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29177
Vulnerability from cvelistv5
Published
2024-06-26 02:46
Modified
2024-08-02 01:10
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | PowerProtect DD | Version: 7.0 ≤ 7.13; Version: N/A ≤; Version: N/A ≤; Version: 7.8 ≤ 7.13 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29177", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T19:05:17.020326Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T19:05:23.225Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:10:54.086Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThan: "2.7.7", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "5.16.0.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThanOrEqual: "7.13", status: "affected", version: "7.8", versionType: "semver", }, ], }, ], datePublic: "2024-06-24T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.", }, ], value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. 
A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532: Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T02:46:55.073Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-29177", datePublished: "2024-06-26T02:46:55.073Z", dateReserved: "2024-03-18T08:44:18.924Z", dateUpdated: "2024-08-02T01:10:54.086Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37138
Vulnerability from cvelistv5
Published
2024-06-26 03:24
Modified
2024-08-02 03:50
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.
References
Impacted products
Vendor | Product | Version
---|---|---
Dell | PowerProtect DD | Version: 7.0 ≤ 7.13; Version: 7.8 ≤ 7.13
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37138", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T17:35:32.470798Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T17:42:52.419Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.311Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThanOrEqual: "7.13", status: "affected", version: "7.8", versionType: "semver", }, ], }, ], datePublic: "2024-06-24T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.", }, ], value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. 
A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-23", description: "CWE-23: Relative Path Traversal", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T03:24:40.504Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-37138", datePublished: "2024-06-26T03:24:40.504Z", dateReserved: "2024-06-03T12:10:32.206Z", dateUpdated: "2024-08-02T03:50:55.311Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29173
Vulnerability from cvelistv5
Published
2024-06-26 02:51
Modified
2024-08-02 01:10
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.
References
Impacted products
Vendor | Product | Version
---|---|---
Dell | PowerProtect DD | Version: 7.0 ≤ 7.13; Version: N/A ≤; Version: N/A ≤
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29173", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T13:51:50.695281Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T13:51:57.600Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:10:54.471Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThan: "2.7.7", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "5.16.0.0", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], datePublic: "2024-06-24T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.", }, ], value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. 
A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918: Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T02:51:56.989Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-29173", datePublished: "2024-06-26T02:51:56.989Z", dateReserved: "2024-03-18T08:44:18.923Z", dateUpdated: "2024-08-02T01:10:54.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37141
Vulnerability from cvelistv5
Published
2024-06-26 04:00
Modified
2024-08-02 03:50
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
References
Impacted products
Vendor | Product | Version
---|---|---
Dell | PowerProtect DD | Version: 7.0 ≤ 7.13; Version: N/A ≤; Version: N/A ≤; Version: 7.8 ≤ 7.13
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37141", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T13:51:27.416210Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T13:51:36.659Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:54.576Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThan: "2.7.7", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "5.16.0.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThanOrEqual: "7.13", status: "affected", version: "7.8", versionType: "semver", }, ], }, ], datePublic: "2024-06-24T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.", }, ], value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. 
A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T04:00:34.863Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-37141", datePublished: "2024-06-26T04:00:34.863Z", dateReserved: "2024-06-03T12:10:32.206Z", dateUpdated: "2024-08-02T03:50:54.576Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53295
Vulnerability from cvelistv5
Published
2025-02-01 04:12
Modified
2025-02-04 20:55
Summary
Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.
References
Impacted products
Vendor | Product | Version
---|---|---
Dell | PowerProtect DD | Version: 7.7.1.0 ≤ 8.1.0.10; Version: 7.13.1.0 ≤ 7.13.1.10; Version: 7.10.1.0 ≤ 7.10.1.40
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53295", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:54:55.330100Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-04T20:55:08.939Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "8.1.0.10", status: "affected", version: "7.7.1.0", versionType: "semver", }, { lessThanOrEqual: "7.13.1.10", status: "affected", version: "7.13.1.0", versionType: "semver", }, { lessThanOrEqual: "7.10.1.40", status: "affected", version: "7.10.1.0", versionType: "semver", }, ], }, ], datePublic: "2025-01-30T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.<br>", }, ], value: "Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. 
A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1220", description: "CWE-1220: Insufficient Granularity of Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-01T04:12:10.402Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-53295", datePublished: "2025-02-01T04:12:10.402Z", dateReserved: "2024-11-20T06:05:04.567Z", dateUpdated: "2025-02-04T20:55:08.939Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28973
Vulnerability from cvelistv5
Published
2024-06-26 02:31
Modified
2024-08-02 01:03
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
References
Impacted products
Vendor | Product | Version
---|---|---
Dell | PowerProtect DD | Version: 7.0 ≤ 7.13; Version: N/A ≤; Version: N/A ≤
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28973", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T13:22:14.553956Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T13:22:25.495Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.253Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThan: "2.7.7", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "5.16.0.0", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], datePublic: "2024-06-24T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. 
Exploitation may lead to information disclosure, session theft, or client-side request forgery", }, ], value: "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T02:31:10.767Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-28973", datePublished: "2024-06-26T02:31:10.767Z", dateReserved: "2024-03-13T15:44:22.627Z", dateUpdated: 
"2024-08-02T01:03:51.253Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53296
Vulnerability from cvelistv5
Published
2025-02-01 03:56
Modified
2025-02-12 20:51
Summary
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
References
Impacted products
Vendor | Product | Version
---|---|---
Dell | PowerProtect DD | Version: 7.13.1.0 ≤ 7.13.1.10; Version: 7.10.1.0 ≤ 7.10.1.40
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53296", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T15:48:35.858892Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T20:51:22.499Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "7.13.1.10", status: "affected", version: "7.13.1.0", versionType: "semver", }, { lessThanOrEqual: "7.10.1.40", status: "affected", version: "7.10.1.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Dell would like to thank zzcentury for reporting this issue.", }, ], datePublic: "2025-01-30T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.<br>", }, ], value: "Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. 
A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-01T03:56:38.147Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-53296", datePublished: "2025-02-01T03:56:38.147Z", dateReserved: "2024-11-20T06:05:04.568Z", dateUpdated: "2025-02-12T20:51:22.499Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-22475
Vulnerability from cvelistv5
Published
2025-02-04 02:19
Modified
2025-02-04 16:42
Summary
Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.
References
Impacted products
Vendor | Product | Version
---|---|---
Dell | PowerProtect DD | Version: 7.7.1.0 ≤ 8.1.0.10; Version: 7.13.1.0 ≤ 7.13.1.10; Version: 7.10.1.0 ≤ 7.10.1.40
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-22475", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T16:42:22.941168Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-04T16:42:52.826Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "8.1.0.10", status: "affected", version: "7.7.1.0", versionType: "semver", }, { lessThanOrEqual: "7.13.1.10", status: "affected", version: "7.13.1.0", versionType: "semver", }, { lessThanOrEqual: "7.10.1.40", status: "affected", version: "7.10.1.0", versionType: "semver", }, ], }, ], datePublic: "2025-01-31T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.<br>", }, ], value: "Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. 
A remote attacker could potentially exploit this vulnerability, leading to Information tampering.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1240", description: "CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T02:19:38.433Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2025-22475", datePublished: "2025-02-04T02:19:38.433Z", dateReserved: "2025-01-07T06:04:12.135Z", dateUpdated: "2025-02-04T16:42:52.826Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45759
Vulnerability from cvelistv5
Published
2024-11-08 02:48
Modified
2024-11-08 15:56
Summary
Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system.
References
Impacted products
Vendor | Product | Version
---|---|---
Dell | PowerProtect DD | Version: 7.7.1 ≤ 8.0.0.0; Version: N/A ≤; Version: N/A ≤; Version: N/A ≤
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45759", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T15:56:43.217523Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T15:56:51.934Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "8.0.0.0", status: "affected", version: "7.7.1", versionType: "semver", }, { lessThan: "7.13.1.10", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "7.10.1.40", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "7.7.5.50", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], datePublic: "2024-11-06T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system.", }, ], value: "Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. 
Exploitation may lead to denial of service of system.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266: Incorrect Privilege Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-08T02:49:40.726Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-45759", datePublished: "2024-11-08T02:48:42.259Z", dateReserved: "2024-09-06T06:30:30.480Z", dateUpdated: "2024-11-08T15:56:51.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48010
Vulnerability from cvelistv5
Published
2024-11-08 03:01
Modified
2024-11-08 15:56
Summary
Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | PowerProtect DD | Version: 7.7.1 ≤ 8.0.0.0; Version: N/A < 7.13.1.10; Version: N/A < 7.10.1.40; Version: N/A < 7.7.5.50 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:*:*:*:*", "cpe:2.3:a:dell:apex_protection_storage:*:*:*:*:*:*:*:*", "cpe:2.3:a:dell:powerprotect_data_domain:-:*:*:*:virtual:*:*:*", "cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:*:*:*:*", "cpe:2.3:a:dell:powerprotect_data_domain_management_center:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "powerprotect_data_domain_management_center", vendor: "dell", versions: [ { lessThan: "7.13.1.10", status: "affected", version: "7.13", versionType: "semver", }, { lessThan: "7.10.1.40", status: "affected", version: "7.10", versionType: "semver", }, { lessThan: "7.7.5.50", status: "affected", version: "7.7", versionType: "semver", }, { lessThanOrEqual: "8.0.0.0", status: "affected", version: "7.7.1", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-48010", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T14:39:27.260279Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T15:56:27.836Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "8.0.0.0", status: "affected", version: "7.7.1", versionType: "semver", }, { lessThan: "7.13.1.10", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "7.10.1.40", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "7.7.5.50", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], datePublic: "2024-11-06T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control 
vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.", }, ], value: "Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-08T03:01:01.903Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-48010", datePublished: "2024-11-08T03:01:01.903Z", dateReserved: "2024-10-08T05:40:53.868Z", dateUpdated: "2024-11-08T15:56:27.836Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29174
Vulnerability from cvelistv5
Published
2024-06-26 02:57
Modified
2024-08-02 01:10
Summary
Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | PowerProtect DD | Version: 7.0 ≤ 7.13; Version: 7.8 ≤ 7.13 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29174", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T13:31:50.817888Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T13:31:57.460Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:10:54.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PowerProtect DD", vendor: "Dell", versions: [ { lessThanOrEqual: "7.13", status: "affected", version: "7.0", versionType: "semver", }, { lessThanOrEqual: "7.13", status: "affected", version: "7.8", versionType: "semver", }, ], }, ], datePublic: "2024-06-24T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.", }, ], value: "Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. 
A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T02:57:41.758Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-29174", datePublished: "2024-06-26T02:57:41.758Z", dateReserved: "2024-03-18T08:44:18.923Z", dateUpdated: "2024-08-02T01:10:54.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }