Vulnerabilites related to dell - dd9410
cve-2024-29173
Vulnerability from cvelistv5
Published
2024-06-26 02:51
Modified
2024-08-02 01:10
Severity ?
EPSS score ?
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerProtect DD |
Version: 7.0 ≤ 7.13 Version: N/A ≤ Version: N/A ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:51:50.695281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T13:51:57.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:54.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerProtect DD",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "7.13",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "2.7.7",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "5.16.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-24T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client."
}
],
"value": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T02:51:56.989Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-29173",
"datePublished": "2024-06-26T02:51:56.989Z",
"dateReserved": "2024-03-18T08:44:18.923Z",
"dateUpdated": "2024-08-02T01:10:54.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-28973
Vulnerability from cvelistv5
Published
2024-06-26 02:31
Modified
2024-08-02 01:03
Severity ?
EPSS score ?
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerProtect DD |
Version: 7.0 ≤ 7.13 Version: N/A ≤ Version: N/A ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:22:14.553956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T13:22:25.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerProtect DD",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "7.13",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "2.7.7",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "5.16.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-24T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery"
}
],
"value": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T02:31:10.767Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-28973",
"datePublished": "2024-06-26T02:31:10.767Z",
"dateReserved": "2024-03-13T15:44:22.627Z",
"dateUpdated": "2024-08-02T01:03:51.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-29176
Vulnerability from cvelistv5
Published
2024-06-26 02:37
Modified
2024-10-30 13:29
Severity ?
EPSS score ?
Summary
Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerProtect DD |
Version: 7.0 ≤ 7.13 Version: N/A ≤ Version: N/A ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dell:powerprotect_dd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "powerprotect_dd",
"vendor": "dell",
"versions": [
{
"lessThanOrEqual": "7.13",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "2.7.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.16.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T15:30:17.062826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T13:36:36.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:54.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerProtect DD",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "7.13",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "2.7.7",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "5.16.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-24T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution."
}
],
"value": "Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T13:29:57.031Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-29176",
"datePublished": "2024-06-26T02:37:54.785Z",
"dateReserved": "2024-03-18T08:44:18.924Z",
"dateUpdated": "2024-10-30T13:29:57.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-06-26 03:15
Modified
2024-11-21 09:07
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | data_domain_operating_system | * | |
| dell | data_domain_operating_system | * | |
| dell | data_domain_operating_system | * | |
| dell | apex_protection_storage | - | |
| dell | apex_protection_storage | - | |
| dell | dd3300 | - | |
| dell | dd6400 | - | |
| dell | dd6900 | - | |
| dell | dd9400 | - | |
| dell | dd9410 | - | |
| dell | dd9900 | - | |
| dell | dd9910 | - | |
| dell | data_domain_operating_system | * | |
| dell | dm5500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD07CAF-9671-475C-810D-1BFBFA881E09",
"versionEndExcluding": "7.7.5.40",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28F4339F-F4B0-479A-B300-ADB987171B31",
"versionEndExcluding": "7.10.1.30",
"versionStartIncluding": "7.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF3066F-F378-4AA6-B50C-B33C22C57492",
"versionEndExcluding": "7.13.1.0",
"versionStartIncluding": "7.11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:apex_protection_storage:-:*:*:*:in-cloud:*:*:*",
"matchCriteriaId": "83DBF4F3-791C-48A2-B37E-6B3F6177B470",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:dell:apex_protection_storage:-:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "D007B2BB-082B-4D33-A6A1-77714341C75C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4D9616-4482-4173-9507-6B8EC15F3521",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A81372F-E8DC-49AB-AC12-700F76D4C2C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5525030D-2AA9-4AB6-8B15-D09214C1834E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C08E46D-6795-46DB-BA6C-548D7B8EBFA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F820D2BB-4773-4B2F-BC50-9474B44DB8F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "105F8F20-3EB3-49E7-82BE-3A5742EAA51E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84F58819-777E-43C1-B1EA-FFD7CDF79234",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D655A40E-7358-4E29-BDC6-8CC2E8BA1D63",
"versionEndExcluding": "5.16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:dm5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B15806F-F6F1-4B26-921C-FE7620B3539F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution."
},
{
"lang": "es",
"value": "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de desbordamiento del b\u00fafer. Un atacante remoto con pocos privilegios podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda un bloqueo de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario en el sistema operativo subyacente de la aplicaci\u00f3n vulnerable con los privilegios de la aplicaci\u00f3n vulnerable."
}
],
"id": "CVE-2024-29176",
"lastModified": "2024-11-21T09:07:43.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-26T03:15:10.533",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security_alert@emc.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-26 03:15
Modified
2025-02-03 15:08
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3D8A3-950B-4D4E-9E4D-7D1ADE791C93",
"versionEndIncluding": "7.13",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:apex_protection_storage:-:*:*:*:in-cloud:*:*:*",
"matchCriteriaId": "83DBF4F3-791C-48A2-B37E-6B3F6177B470",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:dell:apex_protection_storage:-:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "D007B2BB-082B-4D33-A6A1-77714341C75C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4D9616-4482-4173-9507-6B8EC15F3521",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A81372F-E8DC-49AB-AC12-700F76D4C2C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5525030D-2AA9-4AB6-8B15-D09214C1834E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C08E46D-6795-46DB-BA6C-548D7B8EBFA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F820D2BB-4773-4B2F-BC50-9474B44DB8F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "105F8F20-3EB3-49E7-82BE-3A5742EAA51E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84F58819-777E-43C1-B1EA-FFD7CDF79234",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D655A40E-7358-4E29-BDC6-8CC2E8BA1D63",
"versionEndExcluding": "5.16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:dm5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B15806F-F6F1-4B26-921C-FE7620B3539F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client."
},
{
"lang": "es",
"value": "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de Server Side Request Forgery (SSRF). Un atacante remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la divulgaci\u00f3n de informaci\u00f3n sobre la aplicaci\u00f3n o el cliente remoto."
}
],
"id": "CVE-2024-29173",
"lastModified": "2025-02-03T15:08:59.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-26T03:15:09.877",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-26 03:15
Modified
2025-02-03 14:59
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3D8A3-950B-4D4E-9E4D-7D1ADE791C93",
"versionEndIncluding": "7.13",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4D9616-4482-4173-9507-6B8EC15F3521",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A81372F-E8DC-49AB-AC12-700F76D4C2C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5525030D-2AA9-4AB6-8B15-D09214C1834E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C08E46D-6795-46DB-BA6C-548D7B8EBFA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F820D2BB-4773-4B2F-BC50-9474B44DB8F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "105F8F20-3EB3-49E7-82BE-3A5742EAA51E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:dd9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84F58819-777E-43C1-B1EA-FFD7CDF79234",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D655A40E-7358-4E29-BDC6-8CC2E8BA1D63",
"versionEndExcluding": "5.16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:dm5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B15806F-F6F1-4B26-921C-FE7620B3539F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery"
},
{
"lang": "es",
"value": "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de Cross-Site Scripting Almacenado. Un atacante remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda al almacenamiento de c\u00f3digos HTML o JavaScript maliciosos en un almac\u00e9n de datos de aplicaciones confiable. Cuando un usuario v\u00edctima con altos privilegios accede al almac\u00e9n de datos a trav\u00e9s de sus navegadores, el navegador web ejecuta el c\u00f3digo malicioso en el contexto de la aplicaci\u00f3n web vulnerable. La explotaci\u00f3n puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n, el robo de sesiones o la falsificaci\u00f3n de solicitudes por parte del cliente."
}
],
"id": "CVE-2024-28973",
"lastModified": "2025-02-03T14:59:08.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-26T03:15:09.640",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
}
]
}