PT-2023-9120 · Dell · Dell Powerprotect Dd
Franciszek Kalinowski
+3
·
Published
2023-12-14
·
Updated
2023-12-27
·
CVE-2023-44284
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Dell PowerProtect DD versions prior to 7.13.0.10
Dell PowerProtect DD version 6.2.1.110
Dell PowerProtect DD LTS versions prior to 7.7.5.25
Dell PowerProtect DD LTS versions prior to 7.10.1.15
Description
The issue is related to an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read access to application data. This is due to a lack of protection of the SQL query structure.
Recommendations
For versions prior to 7.13.0.10, update to version 7.13.0.10 or later.
For version 6.2.1.110, update to a version later than 6.2.1.110.
For LTS versions prior to 7.7.5.25, update to version 7.7.5.25 or later.
For LTS versions prior to 7.10.1.15, update to version 7.10.1.15 or later.
Fix
Special Elements Injection
Improper Neutralization
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dell Powerprotect Dd