7.6

CVE-2026-23775

EPSS 0.02%
Veröffentlicht 17.04.2026 08:22:59
Zuletzt bearbeitet 20.04.2026 18:11:24
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to credential exposures. Authentication attempts as the compromised user would need to be authorized by a high privileged DD user. This vulnerability only affects systems with retention lock enabled.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Data Domain Operating System Version >= 8.3.0.0 < 8.3.1.20

Dell ≫ Data Domain Operating System Version >= 8.4.0.0 < 8.6.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.033

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.7	2.1	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
security_alert@emc.com	7.6	2.1	5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-23775

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23775

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23775

EUVD