Lucene search
+L
DellEmc Data Protection Advisor

7 matches found

CVE
CVE
added 2020/03/18 6:20 p.m.67 views

CVE-2019-18581

Dell EMC Data Protection Advisor (DPA) versions 6.3, 6.4, 6.5, 18.2 before patch 83, and 19.1 before patch 71 are affected by a server missing authorization in the REST API. A remote authenticated administrator could potentially modify the application’s allowed OS commands list, enabling arbitrar...

9.1CVSS6.9AI score0.03919EPSS
CVE
CVE
added 2020/03/18 6:20 p.m.66 views

CVE-2019-18582

Dell EMC Data Protection Advisor (DPA) REST API versions 6.3/6.4/6.5, 18.2 before patch 83, and 19.1 before patch 71 are affected by a server-side template injection vulnerability. A remote authenticated attacker with admin privileges can inject scripts via the report generation feature, potentia...

9.1CVSS6.8AI score0.04573EPSS
CVE
CVE
added 2021/07/28 12:5 a.m.57 views

CVE-2020-5351

Dell EMC Data Protection Advisor (versions 6.4, 6.5, and 18.1) contains an undocumented account protected by a hard-coded password. A remote unauthenticated attacker who knows the password can log in and gain read‑only privileges. This is supported by multiple sources in the connected documents (...

7.5CVSS7.8AI score0.01064EPSS
CVE
CVE
added 2018/08/10 8:0 p.m.56 views

CVE-2018-11048

CVE-2018-11048 affects Dell EMC Data Protection Advisor (DPA) versions 6.2, 6.3, 6.4, 6.5 and IDPA 2.0, 2.1, with a XML External Entity (XXE) Injection in the REST API. An authenticated remote attacker could read certain server files or cause a denial of service by sending crafted DTDs in XML req...

8.1CVSS7.9AI score0.02091EPSS
CVE
CVE
added 2020/07/06 5:45 p.m.55 views

CVE-2020-5352

Dell EMC Data Protection Advisor (DPA) versions 6.4, 6.5 and 18.1 are affected by an OS command injection vulnerability (CVE-2020-5352). A remote authenticated attacker can execute arbitrary commands on the affected system. The issue is confirmed across multiple feeds (NVD entry and Nessus plugin...

9CVSS8.9AI score0.02911EPSS
CVE
CVE
added 2022/08/30 8:25 p.m.54 views

CVE-2022-33935

Summary: CVE-2022-33935 affects Dell EMC Data Protection Advisor versions 19.6 and earlier and is a stored cross-site scripting (XSS) vulnerability in the web data store component. An attacker could cause the browser to execute malicious HTML/JavaScript in the context of the vulnerable web applic...

5.4CVSS5.3AI score0.00364EPSS
CVE
CVE
added 2017/02/03 7:24 a.m.52 views

CVE-2016-8211

EMC Data Protection Advisor (DPA) is affected by a path traversal vulnerability (CVE-2016-8211) in the ImageServlet component. The issue exists on DPA installations listening on ports 9002 and 9004, caused by improper validation of a user-supplied path before file operations, enabling an unauthen...

7.5CVSS7.3AI score0.02965EPSS