Dell PowerProtect Data Manager XML External Entity Injection Vulnerability
CVE-2024-25971

6.5MEDIUM

Key Information:

Vendor

Dell
Status
Powerprotect Data Manager
Vendor
CVE Published:
28 March 2024

What is CVE-2024-25971?

Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.

Affected Version(s)

PowerProtect Data Manager < 19.16

References

https://www.dell.com/support/kbdoc/en-us/000223556/dsa-20...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.