Powerprotect Data Manager
CVE-2026-22267
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
AnalysisAI
Dell PowerProtect Data Manager versions prior to 19.22 contain an incorrect privilege assignment flaw that allows remote attackers with low-level credentials to escalate their privileges on affected systems. The vulnerability requires network access and valid authentication but no user interaction, making it exploitable by insiders or attackers who have obtained legitimate credentials. No patch is currently available.
Technical ContextAI
Affects Powerprotect Data Manager. Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Powerprotect Data Manager
View allDell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information in
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgott
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. Rated high severity (CVSS 8
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Ele
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. Rated h
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerab
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. Rated medium sev
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an
Dell PowerProtect Data Manager versions prior to 19.22 contain a privilege assignment flaw that allows low-privileged re
Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of REST API communication channels
Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of communication channels in the RE
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today