CVE-2023-44284 — SQL Injection in Dell Apex Protection Storage

CWE-89 — SQL Injection3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 53.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Apex Protection Storage Dell EMC Data Domain OS Dell Powerprotect Data Domain +3 more

Timeline

PublishedDec 14

Description

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

▶NVDdell/powerprotect_data_domain7.0 — 7.12.0.0+1

▶NVDdell/powerprotect_data_protection< 2.7.6

▶NVDdell/powerprotect_data_domain_management_center7.0 — 7.13.0.10+3

▶NVDdell/emc_data_domain_os7.0 — 7.12.0.0+3

▶CVEListV5dell/powerprotect_ddVersions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110

🔴Vulnerability Details

GHSA

GHSA-jrpf-6vp7-r4m2: Dell PowerProtect DD , versions prior to 7↗2023-12-14

▶

CVEList

CVE-2023-44284: Dell PowerProtect DD , versions prior to 7↗2023-12-14

▶