CVE-2022-45102
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD
Description
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web cache or trigger redirections.
Affected (3)
Products: Dell: Emc Data Protection Central, Dp4400 Firmware, Dp5900 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | From 19.1 to 19.8 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | From 2.5 to 2.7 |
| Running on/with | Platform Versions |
|---|---|
| Dell Dp4400 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | From 2.5 to 2.7 |
| Running on/with | Platform Versions |
|---|---|
| Dell Dp5900 | All versions |
Related CWEs
CWE-116
Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
References (2)
Source: security_alert@emc.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory