CVE-2023-44286

Name of the Vulnerable Software and Affected Versions Dell PowerProtect DD versions prior to 7.13.0.10 Dell PowerProtect DD LTS 7.7.5.25 Dell PowerProtect DD LTS 7.10.1.15 Dell PowerProtect DD version 6.2.1.110

Description A remote unauthenticated attacker could potentially exploit a DOM-based Cross-Site Scripting vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. Exploitation may lead to information disclosure, session theft, or client-side request forgery. This vulnerability allows for full account takeover using the DataDomain REST API.

Recommendations For versions prior to 7.13.0.10, update to version 7.13.0.10 or later. For LTS 7.7.5.25, update to a version later than 7.7.5.25. For LTS 7.10.1.15, update to a version later than 7.10.1.15. For version 6.2.1.110, update to a version later than 6.2.1.110. As a temporary workaround, consider restricting access to the DataDomain REST API until a patch is available.