CVE-2024-22454

EPSS 1.1%
Published 13.02.2024 08:16:35
Last modified 21.11.2024 08:56:19
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Powerprotect Data Manager Version <= 19.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.1%	0.771

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security_alert@emc.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-22454

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-22454

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-22454

EUVD