cbcvebase.

Dell PowerProtect DD vulnerabilities

25 known vulnerabilities affecting dell/powerprotect_dd.

Total CVEs: 25
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 10, MEDIUM 13, LOW 2

Vulnerabilities

Page 1 of 2
CVE-2024-37140 | P2 | HIGH | CVSS 8.8 | ≥ 7.0, ≤ 7.13; ≥ N/A, < 2.7.7; +1 more | 2024-06-26
CVE-2024-37140 [HIGH] CWE-78: Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the
nvd
CVE-2024-29176 | P3 | HIGH | CVSS 8.8 | ≥ 7.0, ≤ 7.13; ≥ N/A, < 2.7.7; +1 more | 2024-06-26
CVE-2024-29176 [HIGH] CWE-787: Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
nvd
CVE-2023-48667 | P3 | HIGH | CVSS 7.2 | Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 | 2023-12-14
CVE-2023-48667 [HIGH] CWE-78: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction.
nvd
CVE-2023-44277 | P3 | HIGH | CVSS 7.8 | Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 | 2023-12-14
CVE-2023-44277 [HIGH] CWE-78: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable appli
nvd
CVE-2024-48010 | P3 | HIGH | CVSS 7.2 | ≥ 7.7.1, ≤ 8.0.0.0; ≥ N/A, < 7.13.1.10; +2 more | 2024-11-08
CVE-2024-48010 [HIGH] CWE-284: Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contain an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.
nvd
CVE-2025-22475 | P3 | HIGH | CVSS 7.5 | ≥ 7.7.1.0, ≤ 8.1.0.10; ≥ 7.13.1.0, ≤ 7.13.1.10; +1 more | 2025-02-04
CVE-2025-22475 [HIGH] CWE-1240: Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contain a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.
nvd
CVE-2023-44285 | P3 | HIGH | CVSS 7.8 | Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 | 2023-12-14
CVE-2023-44285 [HIGH] CWE-1220: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.
nvd
CVE-2024-53295 | P3 | HIGH | CVSS 7.8 | ≥ 7.7.1.0, ≤ 8.1.0.10; ≥ 7.13.1.0, ≤ 7.13.1.10; +1 more | 2025-02-01
CVE-2024-53295 [HIGH] CWE-1220: Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.
nvd
CVE-2024-45759 | P3 | HIGH | CVSS 7.3 | ≥ 7.7.1, ≤ 8.0.0.0; ≥ N/A, < 7.13.1.10; +2 more | 2024-11-08
CVE-2024-45759 [HIGH] CWE-266: Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contain an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to deni
nvd
CVE-2024-37139 | P3 | MEDIUM | CVSS 6.5 | ≥ N/A, < 5.16.0.0; ≥ N/A, < 2.7.7; +1 more | 2024-06-26
CVE-2024-37139 [MEDIUM] CWE-664: Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead
nvd
CVE-2024-48011 | P3 | MEDIUM | CVSS 6.5 | ≥ N/A, < 7.7.5.50 | 2024-11-08
CVE-2024-48011 [MEDIUM] CWE-200: Dell PowerProtect DD, versions prior to 7.7.5.50, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
nvd
CVE-2024-37138 | P4 | MEDIUM | CVSS 6.8 | ≥ 7.0, ≤ 7.13; ≥ 7.8, ≤ 7.13 | 2024-06-26
CVE-2024-37138 [MEDIUM] CWE-23: Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.
nvd
CVE-2023-44279 | P4 | MEDIUM | CVSS 6.7 | Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 | 2023-12-14
CVE-2023-44279 [MEDIUM] CWE-78: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker
nvd
CVE-2023-48668 | P4 | MEDIUM | CVSS 6.7 | Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 | 2023-12-14
CVE-2023-48668 [MEDIUM] CWE-78: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with th
nvd
CVE-2024-29175 | P4 | MEDIUM | CVSS 5.9 | ≥ 7.0, ≤ 7.13; ≥ N/A, < 2.7.7; +2 more | 2024-06-26
CVE-2024-29175 [MEDIUM] CWE-327: Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain a weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information.
nvd
CVE-2023-44278 | P4 | MEDIUM | CVSS 6.7 | Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 | 2023-12-14
CVE-2023-44278 [MEDIUM] CWE-22: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.
nvd
CVE-2024-51534 | P4 | HIGH | CVSS 7.1 | ≥ 7.7.1.0, ≤ 8.1.0.10 | 2025-02-01
CVE-2024-51534 [HIGH] CWE-29: Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.
nvd
CVE-2023-44286 | P4 | MEDIUM | CVSS 6.1 | Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 | 2023-12-14
CVE-2023-44286 [MEDIUM] CWE-79: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. Exploitation
nvd
CVE-2023-44284 | P4 | MEDIUM | CVSS 4.3 | Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 | 2023-12-14
CVE-2023-44284 [MEDIUM] CWE-89: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data.
nvd
CVE-2024-53296 | P4 | MEDIUM | CVSS 4.9 | ≥ 7.13.1.0, ≤ 7.13.1.10; ≥ 7.10.1.0, ≤ 7.10.1.40 | 2025-02-01
CVE-2024-53296 [MEDIUM] CWE-121: Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
nvd