Powerprotect Data Manager
CVE-2026-22269
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
AnalysisAI
Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of REST API communication channels that allows high-privileged remote attackers to bypass security protections. The vulnerability requires administrative credentials and network access, enabling authenticated attackers to circumvent established security controls. No patch is currently available.
Technical ContextAI
Affects Powerprotect Data Manager. Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Powerprotect Data Manager
View allDell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information in
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgott
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. Rated high severity (CVSS 8
Dell PowerProtect Data Manager versions prior to 19.22 contain an incorrect privilege assignment flaw that allows remote
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Ele
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. Rated h
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerab
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. Rated medium sev
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an
Dell PowerProtect Data Manager versions prior to 19.22 contain a privilege assignment flaw that allows low-privileged re
Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of communication channels in the RE
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today