PT-2024-2798 · Dell · Dell PowerProtect Data Manager

Published: 2024-02-13 · Updated: 2024-02-27 · CVE-2024-22445

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Dell PowerProtect Data Manager versions 19.15 and prior

Description

The issue is an OS command injection vulnerability that could allow a remote high privileged attacker to execute arbitrary OS commands on the application's underlying OS with the privileges of the vulnerable application. This may lead to a system takeover by an attacker. The vulnerability exists due to the failure to neutralize special elements used in the OS command.

Recommendations

For Dell PowerProtect Data Manager versions 19.15 and prior, consider disabling any functionality that allows remote high privileged access until a patch is available. Restrict access to the underlying OS to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-02937
CVE-2024-22445

Affected Products

Dell PowerProtect Data Manager