Vulnerability Description
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Data Protection Central | >= 19.1, < 19.8 |
| Dell | Dp4400 Firmware | >= 2.5, <= 2.7 |
| Dell | Dp4400 | - |
| Dell | Dp5900 Firmware | >= 2.5, <= 2.7 |
| Dell | Dp5900 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000206329/dsa-2022-348-dell-emc-data-prVendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000206329/dsa-2022-348-dell-emc-data-prVendor Advisory
FAQ
What is CVE-2022-45102?
CVE-2022-45102 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting...
How severe is CVE-2022-45102?
CVE-2022-45102 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45102?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Data Protection Central, Dell Dp4400 Firmware, Dell Dp4400, Dell Dp5900 Firmware, Dell Dp5900.