PT-2024-2581 · Dell · Dell Powerprotect Data Manager

Published: 2024-02-13 · Updated: 2025-01-27 · CVE-2024-25971

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:M/C:C/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Manager version 19.15
Description: The issue is an XML External Entity (XXE) injection vulnerability. A remote, high-privileged attacker could potentially exploit this vulnerability, leading to information disclosure or denial of service. The vulnerability stems from improper restriction of XML external entity references, which could allow an attacker to gain unauthorized access to confidential data or cause a denial of service.
Recommendations: For Dell PowerProtect Data Manager version 19.15, consider disabling XML external entity processing until a patch is available. Restrict access to sensitive data and configure the system to limit the impact of a potential denial-of-service attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

BDU:2024-02640
CVE-2024-25971

Affected Products

Dell Powerprotect Data Manager