CVE-2024-22454

HIGH

Dell PowerProtect Data Manager <19.15 - Privilege Escalation

Title source: llm

Description

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change

References (1)

[Patch, Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities

Scores

CVSS v3 8.8

EPSS 0.0110

EPSS Percentile 78.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-640

Status published

Products (1)

dell/powerprotect_data_manager < 19.15

Published Feb 13, 2024

Tracked Since Feb 18, 2026