Vulnerabilities > Dell > EMC Data Protection Advisor > 6.4

DATE CVE VULNERABILITY TITLE RISK
2022-08-30 CVE-2022-33935 Cross-site Scripting vulnerability in Dell EMC Data Protection Advisor
Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store.
network
low complexity
dell CWE-79
5.4
2021-07-28 CVE-2020-5351 Unspecified vulnerability in Dell EMC Data Protection Advisor 18.1/6.4/6.5
Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password.
network
low complexity
dell
7.5
2020-07-06 CVE-2020-5352 OS Command Injection vulnerability in Dell EMC Data Protection Advisor 18.1/6.4/6.5
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability.
network
low complexity
dell CWE-78
8.8
2020-03-18 CVE-2019-18582 Code Injection vulnerability in Dell products
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API.
network
low complexity
dell CWE-94
7.2
2020-03-18 CVE-2019-18581 Missing Authorization vulnerability in Dell products
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API.
network
low complexity
dell CWE-862
7.2
2018-08-10 CVE-2018-11048 XXE vulnerability in Dell products
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API.
network
low complexity
dell CWE-611
8.1