PT-2020-18423 · Dell · Dell Powerprotect Data Manager+1

Published

2020-07-06

Updated

2020-07-20

CVE-2020-5356

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 Dell PowerProtect X400 versions prior to 3.2

Description The issue concerns an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.

Recommendations For Dell PowerProtect Data Manager (PPDM) versions prior to 19.4, update to version 19.4 or later. For Dell PowerProtect X400 versions prior to 3.2, update to version 3.2 or later.

Fix

Improper Authorization

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-552

Related Identifiers

CVE-2020-5356

Affected Products

Dell Powerprotect Data Manager

Dell Powerprotect X400

PT-2020-18423 · Dell · Dell Powerprotect Data Manager+1

CVE-2020-5356

Weakness Enumeration

Related Identifiers

Affected Products

References · 4