Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.
References
Configurations
History
27 Jan 2025, 18:55
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Dell powerprotect Data Manager
Dell |
|
| References | () https://www.dell.com/support/kbdoc/en-us/000223556/dsa-2024-132-security-update-dell-power-protect-data-manager-for-multiple-security-vulnerabilities - Vendor Advisory | |
| CPE | cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:* |
21 Nov 2024, 09:01
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.dell.com/support/kbdoc/en-us/000223556/dsa-2024-132-security-update-dell-power-protect-data-manager-for-multiple-security-vulnerabilities - |
28 Mar 2024, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-03-28 19:15
Updated : 2025-01-27 18:55
NVD link : CVE-2024-25971
Mitre link : CVE-2024-25971
CVE.ORG link : CVE-2024-25971
JSON object : View
Products Affected
dell
- powerprotect_data_manager
CWE
CWE-611
Improper Restriction of XML External Entity Reference