CVE-2020-5356

Published: Jul 6, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.

Affected (2)

Products: Dell: Powerprotect Data Manager, Powerprotect X400 Firmware

2 products

Powerprotect Data Manager

Powerprotect X400 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Powerprotect Data Manager	Before 19.4

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Powerprotect X400 Firmware	Before 3.2

Running on/with	Platform Versions
Dell Powerprotect X400	All versions

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (2)

https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.