PT-2020-9968 · Dell EMC · Dell EMC Data Protection Advisor

Published

2020-03-18

·

Updated

2020-03-24

·

CVE-2019-18582

CVSS v3.1

9.1

Critical

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Dell EMC Data Protection Advisor versions 6.3, 6.4 and 6.5
Dell EMC Data Protection Advisor version 18.2 prior to patch 83
Dell EMC Data Protection Advisor version 19.1 prior to patch 71

Description: The issue is a server-side template injection vulnerability in the DPA REST API. A remote, authenticated attacker holding DPA administrative privileges can submit a malicious report-generation script (template) that the server evaluates, leading to OS command execution as the regular (non-root) user account that runs the DPA service on the affected system. Because the vector carries PR:H, the bug does not give an unauthenticated attacker a foothold; its practical value is the pivot from a DPA administrator account to an OS shell on the DPA host, which is why the scope is rated as changed (S:C).

Recommendations: For versions 6.3, 6.4 and 6.5, apply the vendor patches that fix the server-side template injection vulnerability. For version 18.2, apply patch 83 or later. For version 19.1, apply patch 71 or later. Until patched, treat every DPA administrator account as equivalent to an OS account on the DPA host and restrict who holds it.
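The affected-version list above is the kind of thing that ends up being checked by hand across an inventory. The following is an added example (not code from this advisory, from Dell, or from the DPA product) that encodes the advisory's stated ranges and classifies version strings pulled from an asset inventory. The version-string formats it accepts ("18.2 patch 83", "19.1.0-p70", bare "6.4") and the sample inventory are assumptions constructed for the example; branches the advisory does not mention are reported as "not covered" rather than silently marked safe.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Affected ranges exactly as stated in the advisory for CVE-2019-18582.
# Value = first fixed patch level; None = every build of that branch is
# affected (the advisory lists no fixed patch number for 6.3/6.4/6.5).
AFFECTED = {
    "6.3": None,
    "6.4": None,
    "6.5": None,
    "18.2": 83,
    "19.1": 71,
}

# Assumed inventory formats: "<major>.<minor>[.<more>] [patch|p] <n>".
# A version with no patch suffix is treated as patch 0 (unpatched).
VERSION_RE = re.compile(
    r"^(\d+\.\d+)(?:\.\d+)*(?:[ -]*(?:patch|p)\s*(\d+))?$", re.IGNORECASE
)


@dataclass
class Assessment:
    version: str
    affected: Optional[bool]  # None = not covered by this advisory / unparseable
    reason: str


def parse_version(raw: str):
    """Return (branch, patch_level) or None if the string is not understood."""
    m = VERSION_RE.match(raw.strip())
    if not m:
        return None
    branch, patch = m.group(1), m.group(2)
    return branch, (int(patch) if patch is not None else 0)


def assess(raw: str) -> Assessment:
    """Classify one DPA version string against the advisory's ranges."""
    parsed = parse_version(raw)
    if parsed is None:
        return Assessment(raw, None, "unparseable version string; check manually")
    branch, patch = parsed
    if branch not in AFFECTED:
        return Assessment(raw, None, f"branch {branch} not listed in this advisory")
    fixed = AFFECTED[branch]
    if fixed is None:
        return Assessment(raw, True, f"all {branch} builds affected; apply vendor fix")
    if patch >= fixed:
        return Assessment(raw, False, f"patch {patch} >= fixed patch {fixed}")
    return Assessment(raw, True, f"patch {patch} < fixed patch {fixed}")


def triage(inventory: dict) -> list:
    """Return (host, reason) for every host that still needs the fix."""
    needs_fix = []
    for host, version in inventory.items():
        a = assess(version)
        if a.affected:
            needs_fix.append((host, a.reason))
    return needs_fix


# Constructed sample inventory for the example; not real hosts.
SAMPLE_INVENTORY = {
    "dpa-prod-01": "18.2 patch 83",
    "dpa-prod-02": "18.2 patch 82",
    "dpa-lab-01": "6.4",
    "dpa-lab-02": "19.1.0-p70",
    "dpa-new-01": "19.2 patch 5",
}

if __name__ == "__main__":
    for host, reason in triage(SAMPLE_INVENTORY):
        print(f"{host}: {reason}")
```

Hosts on branches outside the advisory (19.2 in the sample) come back with `affected=None`, so they neither pollute the patch list nor get a false "safe" verdict; whoever runs the triage has to confirm those against newer vendor guidance.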

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2019-18582

Affected Products

Dell EMC Data Protection Advisor