Lucene search
K

142 matches found

CNVD
CNVD
added 2020/03/19 12:0 a.m.4 views

Dell EMC Data Protection Advisor Code Injection Vulnerability

Dell EMC Data Protection Advisor is a data protection management solution from Dell Dell. The product supports data backup, data recovery and data replication management. A code injection vulnerability exists in the REST API in Dell EMC Data Protection Advisor. A remote attacker could leverage th...

9.1CVSS8.1AI score0.04573EPSS
Exploits0References1
NVD
NVD
added 2020/03/18 7:15 p.m.14 views

CVE-2019-18581

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this...

9.1CVSS7.5AI score0.03919EPSS
Exploits0References1
NVD
NVD
added 2020/03/18 7:15 p.m.9 views

CVE-2019-18582

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this...

9.1CVSS7.5AI score0.04573EPSS
Exploits0References1
OSV
OSV
added 2020/03/18 7:15 p.m.3 views

CVE-2019-18582

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this...

7.2CVSS7.3AI score0.04573EPSS
Exploits0References1
OSV
OSV
added 2020/03/18 7:15 p.m.2 views

CVE-2019-18581

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this...

7.2CVSS7.4AI score0.03919EPSS
Exploits0References1
Prion
Prion
added 2020/03/18 7:15 p.m.17 views

Sql injection

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this...

9CVSS6.9AI score0.04573EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2020/03/18 7:15 p.m.12 views

Authorization

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this...

9CVSS6.9AI score0.03919EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2020/03/18 6:20 p.m.63 views

CVE-2019-18582

Dell EMC Data Protection Advisor (DPA) REST API versions 6.3/6.4/6.5, 18.2 before patch 83, and 19.1 before patch 71 are affected by a server-side template injection vulnerability. A remote authenticated attacker with admin privileges can inject scripts via the report generation feature, potentia...

9.1CVSS6.8AI score0.04573EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/03/18 6:20 p.m.64 views

CVE-2019-18581

Dell EMC Data Protection Advisor (DPA) versions 6.3, 6.4, 6.5, 18.2 before patch 83, and 19.1 before patch 71 are affected by a server missing authorization in the REST API. A remote authenticated administrator could potentially modify the application’s allowed OS commands list, enabling arbitrar...

9.1CVSS6.9AI score0.03919EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/03/18 6:20 p.m.18 views

CVE-2019-18581

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this...

9.1CVSS7AI score0.03919EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/08/31 12:0 a.m.16 views

EMC Data Protection Advisor Installed

Binary data winemcdpainstalled.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/08/31 12:0 a.m.26 views

EMC Data Protection Advisor 6.2 < 6.4 Patch B180 / < 6.5 patch B51 (DSA-2018-112).

According to its self-reported version, the application is 6.2 6.4 Patch B180 or 6.5 6.5 patch B51. It is, therefore, affected by an XML external entity vulnerability vulnerability. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid112193; scriptversion"1.6";...

8.1CVSS7.2AI score0.02091EPSS
Exploits0References3
OSV
OSV
added 2018/08/10 8:29 p.m.5 views

CVE-2018-11048

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 contain a XML External Entity XXE Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to...

8.1CVSS5.8AI score0.02091EPSS
Exploits0References3
Prion
Prion
added 2018/08/10 8:29 p.m.17 views

Xxe

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 contain a XML External Entity XXE Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to...

5.5CVSS7.9AI score0.02091EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2018/08/10 8:0 p.m.19 views

CVE-2018-11048

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 contain a XML External Entity XXE Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to...

8AI score0.02091EPSS
Exploits0References3
CVE
CVE
added 2018/08/10 8:0 p.m.54 views

CVE-2018-11048

CVE-2018-11048 affects Dell EMC Data Protection Advisor (DPA) versions 6.2, 6.3, 6.4, 6.5 and IDPA 2.0, 2.1, with a XML External Entity (XXE) Injection in the REST API. An authenticated remote attacker could read certain server files or cause a denial of service by sending crafted DTDs in XML req...

8.1CVSS7.9AI score0.02091EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2018/03/16 8:29 p.m.25 views

CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

9.8CVSS9.6AI score0.02217EPSS
Exploits1References3
Prion
Prion
added 2018/03/16 8:29 p.m.15 views

Hardcoded credentials

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

7.5CVSS9.6AI score0.02217EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2018/03/16 8:29 p.m.5 views

CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

9.8CVSS5.8AI score0.02217EPSS
Exploits1References3
Cvelist
Cvelist
added 2018/03/16 8:0 p.m.18 views

CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

9.7AI score0.02217EPSS
Exploits1References3
Rows per page
Query Builder