CVE-2024-29173 — Server-Side Request Forgery in Dell Powerprotect DD

CWE-918 — Server-Side Request Forgery3 documents3 sources

Severity

4.9MEDIUMNVD

CNA6.8

EPSS

0.3%

top 48.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Powerprotect DD Dell Data Domain Operating System

Timeline

PublishedJun 26

Description

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5dell/powerprotect_ddN/A — 2.7.7+2

▶NVDdell/data_domain_operating_system7.0 — 7.13+1

🔴Vulnerability Details

GHSA

GHSA-m882-mjcv-h646: Dell PowerProtect DD, versions prior to 8↗2024-06-26

▶

CVEList

CVE-2024-29173: Dell PowerProtect DD, versions prior to 8↗2024-06-26

▶