Vulnerabilities > CVE-2020-5356 - Files or Directories Accessible to External Parties vulnerability in Dell products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dell

CWE-552

NVD

Published: 2020-07-06

Updated: 2020-07-20

Summary

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Powerprotect Data Manager 1.0 Dell Powerprotect Data Manager 1.1 Dell Powerprotect Data Manager 2.0 Dell Powerprotect Data Manager 2.1 Dell Powerprotect Data Manager 19.1 Dell Powerprotect Data Manager 19.2 Dell Powerprotect Data Manager 19.3	7
OS	Dell Dell Powerprotect X400 Firmware *	1
Hardware	Dell Dell Powerprotect X400 -	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability