PT-2023-9120 · Dell · Dell Powerprotect Dd
Franciszek Kalinowski
+3
·
Publicado
2023-12-14
·
Atualizado
2023-12-27
·
CVE-2023-44284
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Dell PowerProtect DD versions prior to 7.13.0.10
Dell PowerProtect DD version 6.2.1.110
Dell PowerProtect DD LTS versions prior to 7.7.5.25
Dell PowerProtect DD LTS versions prior to 7.10.1.15
Description
The issue is related to an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read access to application data. This is due to a lack of protection of the SQL query structure.
Recommendations
For versions prior to 7.13.0.10, update to version 7.13.0.10 or later.
For version 6.2.1.110, update to a version later than 6.2.1.110.
For LTS versions prior to 7.7.5.25, update to version 7.7.5.25 or later.
For LTS versions prior to 7.10.1.15, update to version 7.10.1.15 or later.
Correção
Special Elements Injection
Improper Neutralization
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Dell Powerprotect Dd