EUVD-2026-23392
GHSA-w42r-7hmw-4854
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to credential exposures. Authentication attempts as the compromised user would need to be authorized by a high privileged DD user. This vulnerability only affects systems with retention lock enabled.
AnalysisAI
Dell PowerProtect Data Domain appliances log sensitive credentials when retention lock is enabled, allowing low-privileged remote attackers to harvest authentication data from log files. Affects DD OS 8.0-8.5 and LTS2025 8.3.1.0-8.3.1.10. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all Dell PowerProtect Data Domain appliances in your environment and verify which are running affected versions (DD OS 8.0-8.5, LTS2025 8.3.1.0-8.3.1.10) using Dell DSA-2026-060. Within 7 days: Restrict log file access through RBAC to high-privilege accounts only and review recent log access by low-privilege users. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today