Lucene search

[email protected]CVE-2023-44284

HistoryDec 14, 2023 - 4:15 p.m.

CVE-2023-44284

2023-12-1416:15:46

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-44284

dell powerprotect dd

sql injection

vulnerability

security

nvd

unauthorized access

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application’s backend database causing unauthorized read access to application data.

Affected configurations

NVD

Node

dellpowerprotect_data_protectionRange<2.7.6

AND

delldp4400Match-

delldp5900Match-

Node

dellapex_protection_storageRange<6.2.1.110

dellapex_protection_storageRange7.0–7.10.1.15

dellpowerprotect_data_domainRange<6.2.1.110virtual

dellpowerprotect_data_domainRange7.0–7.12.0.0virtual

dellpowerprotect_data_domain_management_centerRange<6.2.1.110

dellpowerprotect_data_domain_management_centerRange7.0–7.13.0.10

dellemc_data_domain_osRange<6.2.1.110

dellemc_data_domain_osRange7.0–7.12.0.0

dellemc_data_domain_osRange7.7–7.7.5.25lts2022

dellemc_data_domain_osRange7.10–7.10.1.15lts2023

dellpowerprotect_data_domain_management_centerRange7.7–7.7.5.25lts2022

dellpowerprotect_data_domain_management_centerRange7.10–7.10.1.15lts2023

AND

delldd3300Match-

delldd6400Match-

delldd6900Match-

delldd9400Match-

delldd9900Match-

CPENameOperatorVersion
dell:powerprotect_data_protectiondell powerprotect data protectionlt2.7.6

CPE	Name	Operator	Version
dell:powerprotect_data_protection	dell powerprotect data protection	lt	2.7.6

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerProtect DD",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

Related for CVE-2023-44284

nvd1 prion1 cvelist1