cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-25971,https://securityvulnerability.io/vulnerability/CVE-2024-25971,Dell PowerProtect Data Manager XML External Entity Injection Vulnerability,"Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.",Dell,Powerprotect Data Manager,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-03-28T18:43:06.075Z,0
CVE-2024-22445,https://securityvulnerability.io/vulnerability/CVE-2024-22445,Dell PowerProtect Data Manager Vulnerability Could Lead to System Takeover,"An OS command injection vulnerability exists in Dell PowerProtect Data Manager versions 19.15 and earlier. This vulnerability allows a remote attacker with high privileges to execute arbitrary operating system commands on the host system running the application. Successful exploitation could result in complete system takeover, granting unauthorized access and control to sensitive data and functions. Organizations utilizing affected versions are encouraged to apply recommended security updates to mitigate associated risks.",Dell,PowerProtect Data Manager,7.2,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-02-13T07:40:20.900Z,0
CVE-2024-22454,https://securityvulnerability.io/vulnerability/CVE-2024-22454,Dell PowerProtect Data Manager Vulnerability: Unauthorized Access via Weak Password Recovery Mechanism,"The vulnerability affects Dell PowerProtect Data Manager versions 19.15 and earlier, which incorporate a weak password recovery mechanism. This flaw enables a remote unauthenticated attacker to exploit the system. The attacker could retrieve a reset password token without proper authorization, allowing them to gain unauthorized access to the application with the privileges of the compromised account. This presents serious security risks, as attackers can manipulate account access and potentially lead to data breaches.",Dell,PowerProtect Data Manager,8.8,HIGH,0.0013800000306218863,false,,false,false,false,,,false,false,,2024-02-13T07:35:35.667Z,0
CVE-2023-44306,https://securityvulnerability.io/vulnerability/CVE-2023-44306,Path Traversal Vulnerability in Dell DM5500 Product,"The Dell DM5500 product has a path traversal vulnerability within its PPOE component, which could allow a remote attacker with elevated privileges to exploit this flaw. By leveraging this vulnerability, an attacker can potentially overwrite files on the server's filesystem, posing significant risk to the integrity of the data stored on the device.",Dell,Dell Powerprotect Data Manager Dm5500 Appliance,6.5,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2023-12-04T09:15:00.000Z,0
CVE-2023-44301,https://securityvulnerability.io/vulnerability/CVE-2023-44301,Reflected Cross-Site Scripting Vulnerability in Dell DM5500,"The Dell DM5500 appliance versions 5.14.0.0 and prior are susceptible to a reflected cross-site scripting vulnerability. This issue allows an attacker with minimal privileges to inject and execute malicious scripts within a user's web browser, exploiting the vulnerable web application. Potential consequences of this vulnerability include unauthorized information access, session hijacking, and client-side request forgery, which can compromise the integrity and security of user interactions with the application.",Dell,Dell PowerProtect Data Manager DM5500 Appliance,5.4,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-12-04T09:15:00.000Z,0
CVE-2023-44302,https://securityvulnerability.io/vulnerability/CVE-2023-44302,Improper Authentication Vulnerability in Dell DM5500,"The Dell DM5500 appliance, specifically versions 5.14.0.0 and prior, exhibits improper authentication vulnerabilities. This flaw allows an unauthenticated remote attacker to exploit the system, potentially leading to unauthorized access to resources. In severe instances, this may enable the execution of arbitrary code, thereby compromising overall system integrity and security.",Dell,Dell PowerProtect Data Manager DM5500 Appliance,9.8,CRITICAL,0.0033199999015778303,false,,false,false,false,,,false,false,,2023-12-04T09:15:00.000Z,0
CVE-2023-44304,https://securityvulnerability.io/vulnerability/CVE-2023-44304,Privilege Escalation Vulnerability in Dell DM5500 Appliance,"The Dell DM5500 Appliance contains a privilege escalation vulnerability within its PPOE Component. This flaw allows an authenticated remote attacker with limited privileges to exploit the vulnerability, potentially enabling them to escape from a restricted shell environment and gain root access to the appliance. This could lead to unauthorized control, data manipulation, and compromise of the system's integrity.",Dell,Dell Powerprotect Data Manager Dm5500 Appliance,8.8,HIGH,0.003590000094845891,false,,false,false,false,,,false,false,,2023-12-04T09:15:00.000Z,0
CVE-2023-44291,https://securityvulnerability.io/vulnerability/CVE-2023-44291,OS Command Injection Vulnerability in Dell DM5500 Products,"The DM5500 5.14.0.0 features an OS command injection vulnerability within its PPOE component. This flaw allows an attacker with sufficient privileges to execute arbitrary OS commands on the underlying operating system. Such exploitation may result in unauthorized access and potential system takeover, posing a significant risk to affected systems.",Dell,Dell PowerProtect Data Manager DM5500 Appliance,7.2,HIGH,0.0014900000533089042,false,,false,false,false,,,false,false,,2023-12-04T09:15:00.000Z,0
CVE-2023-44300,https://securityvulnerability.io/vulnerability/CVE-2023-44300,Plain-text Password Storage Vulnerability in Dell DM5500 Appliances,"In the Dell DM5500 version 5.14.0.0, a vulnerability exists in the PPOE component that allows storage of user passwords in plain text. This flaw may be exploited by a local attacker who has gained certain privileges, resulting in the potential disclosure of sensitive user credentials. Once exposed, these credentials could be leveraged to gain unauthorized access to the application at the same privilege level as the compromised account, posing significant risks to data security and application integrity.",Dell,Dell PowerProtect Data Manager DM5500 Appliance,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-12-04T09:15:00.000Z,0
CVE-2023-44305,https://securityvulnerability.io/vulnerability/CVE-2023-44305,Stack-based Buffer Overflow Vulnerability in Dell PowerProtect Data Manager,"The Dell PowerProtect Data Manager DM5500 version 5.14.0.0 has been identified to contain a stack-based buffer overflow vulnerability in the PPOE component. This flaw allows unauthenticated remote attackers to exploit the system by sending specially crafted input data. Successful exploitation can lead to a crash of the affected process, or potentially allow the execution of arbitrary code on the system, posing serious security risks for organizations reliant on this product for data protection.",Dell,Dell PowerProtect Data Manager DM5500 Appliance,9.8,CRITICAL,0.0034600000362843275,false,,false,false,false,,,false,false,,2023-12-04T09:15:00.000Z,0
CVE-2023-28062,https://securityvulnerability.io/vulnerability/CVE-2023-28062,Improper Access Control in Dell PowerProtect Data Manager,"Dell PowerProtect Data Manager versions 19.12, 19.11, and 19.10 are affected by an improper access control vulnerability. This flaw could allow a remote authenticated user with low privileges to bypass access restrictions, leading to unauthorized actions within the application. Organizations using this product should consider evaluating their potential exposure and apply necessary patches to mitigate risks.",Dell,PPDM Reporting (PowerProtect Data Manager),8.8,HIGH,0.0017500000540167093,false,,false,false,false,,,false,false,,2023-04-11T14:15:00.000Z,0