Improper Encoding Flaw in Dell PowerProtect Data Manager
CVE-2025-23377

4.2 MEDIUM

Key Information:

Vendor: Dell
CVE Published: 28 April 2025

Summary

Dell PowerProtect Data Manager versions 19.17 and 19.18 contain an improper encoding or escaping of output vulnerability. A high-privileged attacker with local access could exploit this flaw to inject arbitrary web scripts or HTML into reporting outputs. Exploitation may lead to unauthorized access to, or manipulation of, sensitive information presented in the reports.

Affected Version(s)

PowerProtect Data Manager 19.15.0 <= 19.18.0-23

CVSS V3.1

Score: 4.2
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
