Dell Powerprotect Dd vulnerabilities

25 known vulnerabilities affecting dell/powerprotect_dd.

Total CVEs

25

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH10MEDIUM13LOW2

Vulnerabilities

Page 1 of 2

CVE-2025-22475HIGHCVSS 7.5≥ 7.7.1.0, ≤ 8.1.0.10≥ 7.13.1.0, ≤ 7.13.1.10+1 more2025-02-04

CVE-2025-22475 [HIGH] CWE-1240 CVE-2025-22475: Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a C Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.

CVE-2024-51534HIGHCVSS 7.1≥ 7.7.1.0, ≤ 8.1.0.102025-02-01

CVE-2024-51534 [HIGH] CWE-29 CVE-2024-51534: Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path travers Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.

CVE-2024-53295HIGHCVSS 7.8≥ 7.7.1.0, ≤ 8.1.0.10≥ 7.13.1.0, ≤ 7.13.1.10+1 more2025-02-01

CVE-2024-53295 [HIGH] CWE-1220 CVE-2024-53295: Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

CVE-2024-53296MEDIUMCVSS 4.9≥ 7.13.1.0, ≤ 7.13.1.10≥ 7.10.1.0, ≤ 7.10.1.402025-02-01

CVE-2024-53296 [MEDIUM] CWE-121 CVE-2024-53296: Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CVE-2024-48010HIGHCVSS 7.2≥ 7.7.1, ≤ 8.0.0.0≥ N/A, < 7.13.1.10+2 more2024-11-08

CVE-2024-48010 [HIGH] CWE-284 CVE-2024-48010: Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an acc Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.

CVE-2024-45759HIGHCVSS 7.3≥ 7.7.1, ≤ 8.0.0.0≥ N/A, < 7.13.1.10+2 more2024-11-08

CVE-2024-45759 [HIGH] CWE-266 CVE-2024-45759: Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contai Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to deni

CVE-2024-48011MEDIUMCVSS 6.5≥ N/A, < 7.7.5.502024-11-08

CVE-2024-48011 [MEDIUM] CWE-200 CVE-2024-48011: Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to a Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVE-2024-29176HIGHCVSS 8.8≥ 7.0, ≤ 7.13≥ N/A, < 2.7.7+1 more2024-06-26

CVE-2024-29176 [HIGH] CWE-787 CVE-2024-29176: Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Wri Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

CVE-2024-37140HIGHCVSS 8.8≥ 7.0, ≤ 7.13≥ N/A, < 2.7.7+1 more2024-06-26

CVE-2024-37140 [HIGH] CWE-78 CVE-2024-37140: Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the

CVE-2024-29174MEDIUMCVSS 4.4≥ 7.0, ≤ 7.13≥ 7.8, ≤ 7.132024-06-26

CVE-2024-29174 [MEDIUM] CWE-89 CVE-2024-29174: Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection v Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.

CVE-2024-29173MEDIUMCVSS 4.9≥ 7.0, ≤ 7.13≥ N/A, < 2.7.7+1 more2024-06-26

CVE-2024-29173 [MEDIUM] CWE-918 CVE-2024-29173: Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Ser Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.

CVE-2024-29175MEDIUMCVSS 5.9≥ 7.0, ≤ 7.13≥ N/A, < 2.7.7+2 more2024-06-26

CVE-2024-29175 [MEDIUM] CWE-327 CVE-2024-29175: Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an we Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information.

CVE-2024-28973MEDIUMCVSS 4.8≥ 7.0, ≤ 7.13≥ N/A, < 2.7.7+1 more2024-06-26

CVE-2024-28973 [MEDIUM] CWE-79 CVE-2024-28973: Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Sto Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user

CVE-2024-37138MEDIUMCVSS 6.8≥ 7.0, ≤ 7.13≥ 7.8, ≤ 7.132024-06-26

CVE-2024-37138 [MEDIUM] CWE-23 CVE-2024-37138: Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC conta Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.

CVE-2024-37139MEDIUMCVSS 6.5≥ N/A, < 5.16.0.0≥ N/A, < 2.7.7+1 more2024-06-26

CVE-2024-37139 [MEDIUM] CWE-664 CVE-2024-37139: Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Im Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead

CVE-2024-29177LOWCVSS 2.7≥ 7.0, ≤ 7.13≥ N/A, < 2.7.7+2 more2024-06-26

CVE-2024-29177 [LOW] CWE-532 CVE-2024-29177: Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a dis Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.

CVE-2024-37141LOWCVSS 3.5≥ 7.0, ≤ 7.13≥ N/A, < 2.7.7+2 more2024-06-26

CVE-2024-37141 [LOW] CWE-601 CVE-2024-37141: Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an op Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

CVE-2023-48667HIGHCVSS 7.2vVersions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.1102023-12-14

CVE-2023-48667 [HIGH] CWE-78 CVE-2023-48667: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction.

CVE-2023-44277HIGHCVSS 7.8vVersions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 2023-12-14

CVE-2023-44277 [HIGH] CWE-78 CVE-2023-44277: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable appl

CVE-2023-44285HIGHCVSS 7.8vVersions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.1102023-12-14

CVE-2023-44285 [HIGH] CWE-1220 CVE-2023-44285: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.