Dell Powerprotect Dp Series Appliance vulnerabilities

5 known vulnerabilities affecting dell/powerprotect_dp_series_appliance.

Total CVEs

5

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1

CVE-2025-36598MEDIUMCVSS 6.5≥ N/A, < 2.7.9 with AV CHF 3389052026-02-17

CVE-2025-36598 [MEDIUM] CWE-22 CVE-2025-36598: Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathnam Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to upload malicious files.

CVE-2026-22762MEDIUMCVSS 6.5≥ N/A, < 2.7.9 with AV CHF 3389122026-02-17

CVE-2026-22762 [MEDIUM] CWE-22 CVE-2026-22762: Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain a Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete.

CVE-2025-36597MEDIUMCVSS 4.7≥ N/A, < Version 2.7.9 with AV CHF 3389052026-02-17

CVE-2025-36597 [MEDIUM] CWE-22 CVE-2025-36597: Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathnam Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

CVE-2025-29987HIGHCVSS 8.8≥ N/A, < 2.7.82025-04-03

CVE-2025-29987 [HIGH] CWE-1220 CVE-2025-29987: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 c Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

CVE-2024-28974MEDIUMCVSS 6.5≥ N/A, ≤ 2.7.62024-05-29

CVE-2024-28974 [MEDIUM] CWE-326 CVE-2024-28974: Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerab Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.