Powerprotect Data Manager
CVE-2024-25971
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.
AnalysisAI
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as XML External Entity (XXE) (CWE-611), which allows attackers to read arbitrary files or perform SSRF through XML processing. Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. Affected products include: Dell Powerprotect Data Manager. Version information: version 19.15.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Disable external entity processing in XML parsers, use JSON instead of XML where possible.
More in Powerprotect Data Manager
View allDell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information in
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgott
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. Rated high severity (CVSS 8
Dell PowerProtect Data Manager versions prior to 19.22 contain an incorrect privilege assignment flaw that allows remote
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Ele
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. Rated h
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerab
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an
Dell PowerProtect Data Manager versions prior to 19.22 contain a privilege assignment flaw that allows low-privileged re
Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of REST API communication channels
Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of communication channels in the RE
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today