CVE-2022-45102 — Improper Neutralization of HTTP Headers for Scripting Syntax in Dell EMC Data Protection Central

CWE-644 — Improper Neutralization of HTTP Headers for Scripting Syntax CWE-116 — Improper Encoding or Escaping of Output3 documents3 sources

Severity

6.1MEDIUMNVD

CNA5.4

EPSS

0.4%

top 36.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Data Protection Central Dell Data Protection Central Dell Dp4400 Firmware +1 more

Timeline

PublishedFeb 1

Description

Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDdell/emc_data_protection_central19.1 — 19.8

▶CVEListV5dell/data_protection_central19.1 — 19.7

▶NVDdell/dp4400_firmware2.5 — 2.7

▶NVDdell/dp5900_firmware2.5 — 2.7

🔴Vulnerability Details

CVEList

CVE-2022-45102: Dell EMC Data Protection Central, versions 19↗2023-02-01

▶

GHSA

GHSA-vhfp-p9xr-gg6w: Dell EMC Data Protection Central, versions 19↗2023-02-01

▶