SQL Injection Vulnerability in Dell PowerProtect DD
CVE-2023-44284
4.3 MEDIUM
Summary
The Dell PowerProtect DD product suite is affected by an SQL Injection vulnerability present in versions prior to 7.13.0.10. This flaw enables a remote attacker with low privileges to execute specific SQL commands on the backend database, which could lead to unauthorized access to sensitive application data. It is crucial for organizations utilizing these versions to apply security updates and mitigate potential risks associated with this vulnerability.
Affected Version(s)
PowerProtect DD Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dell Technologies would like to thank Jakub Brzozowski (redfr0g), Franciszek Kalinowski, and Stanisław Koza from STM Cyber for reporting these issues.