Skip to main content

Powerprotect Data Manager

19 CVEs product

Monthly

CVE-2026-22268 MEDIUM This Month

Dell PowerProtect Data Manager versions prior to 19.22 contain a privilege assignment flaw that allows low-privileged remote attackers to disrupt Enterprise Support connections, resulting in denial of service. Exploitation requires valid credentials and user interaction, and no patch is currently available. The vulnerability affects system availability rather than confidentiality or data integrity.

Denial Of Service Powerprotect Data Manager
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-22267 HIGH This Week

Dell PowerProtect Data Manager versions prior to 19.22 contain an incorrect privilege assignment flaw that allows remote attackers with low-level credentials to escalate their privileges on affected systems. The vulnerability requires network access and valid authentication but no user interaction, making it exploitable by insiders or attackers who have obtained legitimate credentials. No patch is currently available.

Information Disclosure Dell Powerprotect Data Manager
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22266 MEDIUM This Month

Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of communication channels in the REST API, allowing high-privileged remote attackers to bypass security protections. The vulnerability requires administrative credentials but carries no patch availability, creating ongoing risk for affected deployments.

Authentication Bypass Dell Powerprotect Data Manager
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-22269 MEDIUM This Month

Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of REST API communication channels that allows high-privileged remote attackers to bypass security protections. The vulnerability requires administrative credentials and network access, enabling authenticated attackers to circumvent established security controls. No patch is currently available.

Authentication Bypass Dell Powerprotect Data Manager
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-43938 MEDIUM This Month

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. Rated medium severity (CVSS 5.0). No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-43888 HIGH This Week

Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43887 HIGH This Week

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Dell Privilege Escalation Powerprotect Data Manager
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-43886 MEDIUM This Month

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Path Traversal Powerprotect Data Manager
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-43885 HIGH This Week

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Powerprotect Data Manager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43884 HIGH This Month

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Powerprotect Data Manager
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-43725 HIGH This Month

Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Privilege Escalation Powerprotect Data Manager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23377 MEDIUM This Month

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Code Injection Powerprotect Data Manager
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-23376 LOW Monitor

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Ssti Powerprotect Data Manager
NVD
CVSS 3.1
2.3
EPSS
0.1%
CVE-2025-23375 HIGH This Week

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Powerprotect Data Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-25971 MEDIUM This Month

Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell XXE Powerprotect Data Manager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-22454 HIGH PATCH This Week

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dell Powerprotect Data Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-22445 HIGH PATCH This Week

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Dell Powerprotect Data Manager
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2023-28062 HIGH This Week

Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Powerprotect Data Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-5356 MEDIUM This Month

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager Powerprotect X400 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.3%
EPSS 0% CVSS 6.3
MEDIUM This Month

Dell PowerProtect Data Manager versions prior to 19.22 contain a privilege assignment flaw that allows low-privileged remote attackers to disrupt Enterprise Support connections, resulting in denial of service. Exploitation requires valid credentials and user interaction, and no patch is currently available. The vulnerability affects system availability rather than confidentiality or data integrity.

Denial Of Service Powerprotect Data Manager
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Dell PowerProtect Data Manager versions prior to 19.22 contain an incorrect privilege assignment flaw that allows remote attackers with low-level credentials to escalate their privileges on affected systems. The vulnerability requires network access and valid authentication but no user interaction, making it exploitable by insiders or attackers who have obtained legitimate credentials. No patch is currently available.

Information Disclosure Dell Powerprotect Data Manager
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of communication channels in the REST API, allowing high-privileged remote attackers to bypass security protections. The vulnerability requires administrative credentials but carries no patch availability, creating ongoing risk for affected deployments.

Authentication Bypass Dell Powerprotect Data Manager
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of REST API communication channels that allows high-privileged remote attackers to bypass security protections. The vulnerability requires administrative credentials and network access, enabling authenticated attackers to circumvent established security controls. No patch is currently available.

Authentication Bypass Dell Powerprotect Data Manager
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. Rated medium severity (CVSS 5.0). No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Dell Privilege Escalation Powerprotect Data Manager
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Path Traversal Powerprotect Data Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Powerprotect Data Manager
NVD
EPSS 0% CVSS 8.2
HIGH This Month

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Powerprotect Data Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Code Injection Powerprotect Data Manager
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Ssti +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Powerprotect Data Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell XXE +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dell Powerprotect Data Manager
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Dell Powerprotect Data Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Powerprotect Data Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy