7 matches found
CVE-2019-18581
Dell EMC Data Protection Advisor (DPA) versions 6.3, 6.4, 6.5, 18.2 before patch 83, and 19.1 before patch 71 are affected by a server missing authorization in the REST API. A remote authenticated administrator could potentially modify the application’s allowed OS commands list, enabling arbitrar...
CVE-2019-18582
Dell EMC Data Protection Advisor (DPA) REST API versions 6.3/6.4/6.5, 18.2 before patch 83, and 19.1 before patch 71 are affected by a server-side template injection vulnerability. A remote authenticated attacker with admin privileges can inject scripts via the report generation feature, potentia...
CVE-2020-5351
Dell EMC Data Protection Advisor (versions 6.4, 6.5, and 18.1) contains an undocumented account protected by a hard-coded password. A remote unauthenticated attacker who knows the password can log in and gain read‑only privileges. This is supported by multiple sources in the connected documents (...
CVE-2018-11048
CVE-2018-11048 affects Dell EMC Data Protection Advisor (DPA) versions 6.2, 6.3, 6.4, 6.5 and IDPA 2.0, 2.1, with a XML External Entity (XXE) Injection in the REST API. An authenticated remote attacker could read certain server files or cause a denial of service by sending crafted DTDs in XML req...
CVE-2020-5352
Dell EMC Data Protection Advisor (DPA) versions 6.4, 6.5 and 18.1 are affected by an OS command injection vulnerability (CVE-2020-5352). A remote authenticated attacker can execute arbitrary commands on the affected system. The issue is confirmed across multiple feeds (NVD entry and Nessus plugin...
CVE-2022-33935
Summary: CVE-2022-33935 affects Dell EMC Data Protection Advisor versions 19.6 and earlier and is a stored cross-site scripting (XSS) vulnerability in the web data store component. An attacker could cause the browser to execute malicious HTML/JavaScript in the context of the vulnerable web applic...
CVE-2016-8211
EMC Data Protection Advisor (DPA) is affected by a path traversal vulnerability (CVE-2016-8211) in the ImageServlet component. The issue exists on DPA installations listening on ports 9002 and 9004, caused by improper validation of a user-supplied path before file operations, enabling an unauthen...