CVE-2024-22454

HIGH

Dell PowerProtect Data Manager <19.15 - Privilege Escalation

Title source: llm

Description

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change

References (1)

[Patch, Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities

Scores

CVSS v3 8.8

EPSS 0.0110

EPSS Percentile 77.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-640

Status published

Affected Products (1)

dell/powerprotect_data_manager < 19.15

Timeline

Published Feb 13, 2024

Tracked Since Feb 18, 2026