CVE-2024-29174

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*

History

23 Sep 2024, 21:00

Type Values Removed Values Added
Summary
  • (es) Dell Data Domain, versiones anteriores a 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contienen una vulnerabilidad de inyección SQL. Un atacante local con pocos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la ejecución de ciertos comandos SQL en la base de datos backend de la aplicación, lo que provocaría un acceso no autorizado a los datos de la aplicación.
CPE cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
References () https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities - Vendor Advisory
First Time Dell
Dell data Domain Operating System

26 Jun 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-26 03:15

Updated : 2024-09-23 21:00


NVD link : CVE-2024-29174

Mitre link : CVE-2024-29174

CVE.ORG link : CVE-2024-29174


JSON object : View

Products Affected

dell

  • data_domain_operating_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')