CVE-2020-5356

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:powerprotect_x400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerprotect_x400:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:33

Type Values Removed Values Added
References () https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability - Vendor Advisory () https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability - Vendor Advisory
CVSS v2 : 4.0
v3 : 6.5
v2 : 4.0
v3 : 7.7

Information

Published : 2020-07-06 18:15

Updated : 2024-11-21 05:33


NVD link : CVE-2020-5356

Mitre link : CVE-2020-5356

CVE.ORG link : CVE-2020-5356


JSON object : View

Products Affected

dell

  • powerprotect_x400
  • powerprotect_x400_firmware
  • powerprotect_data_manager
CWE
CWE-285

Improper Authorization

CWE-552

Files or Directories Accessible to External Parties