History: May 08, 2024 - 4:15 p.m.

CVE-2024-22460

2024-05-08 16:15:07
CWE-502
dell
web.nvd.nist.gov
28
dell powerprotect dm5500
version 5.15.0.0
insecure deserialization
remote attacker
arbitrary code execution
vulnerability

CVSS3: 2.2

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

AI Score: 7.8
Confidence: Low

EPSS: 0
Percentile: 9.0%

Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.

Affected configurations

Node: dell powerprotect_data_manager
Range: 5.15

Vendor: dell
Product: powerprotect_data_manager
Version: *
CPE: cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Data Manager Appliance Software (DMAS)",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "5.15",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]
