Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:dell:emc_data_protection_advisor:19.1:-:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-33935 |
Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Published: August 30, 2022; 5:15:08 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2019-18582 |
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system. Published: March 18, 2020; 3:15:16 PM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2019-18581 |
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system. Published: March 18, 2020; 3:15:16 PM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 9.0 HIGH |