Dell Emc Data Protection Central vulnerabilities

5 known vulnerabilities affecting dell/emc_data_protection_central.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2022-45102MEDIUMCVSS 6.1≥ 19.1, < 19.82023-02-01
CVE-2022-45102 [MEDIUM] CWE-644 CVE-2022-45102: Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vuln Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections.
nvd
CVE-2022-34367HIGHCVSS 8.8≥ 19.1, < 19.72022-07-21
CVE-2022-34367 [HIGH] CWE-352 CVE-2022-34367: Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, 19.6, contain(s) a Cross-Sit Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, 19.6, contain(s) a Cross-Site Request Forgery Vulnerability. A(n) remote unauthenticated attacker could potentially exploit this vulnerability, leading to processing of unintended server operations.
nvd
CVE-2021-43588HIGHCVSS 7.5fixed in 19.62022-01-24
CVE-2021-43588 [HIGH] CWE-20 CVE-2021-43588: Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
nvd
CVE-2021-36349MEDIUMCVSS 4.3fixed in 19.62022-01-24
CVE-2021-36349 [MEDIUM] CWE-918 CVE-2021-36349: Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulne Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.
nvd
CVE-2019-3762HIGHCVSS 7.5v1.0v1.0.1+3 more2020-03-18
CVE-2019-3762 [HIGH] CWE-296 CVE-2019-3762: Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate C Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.
nvd