Vulnerability Description
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Powerprotect Data Manager | <= 19.15 |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protePatchVendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protePatchVendor Advisory
FAQ
What is CVE-2024-22454?
CVE-2024-22454 is a vulnerability with a CVSS score of 8.8 (HIGH). Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this ...
How severe is CVE-2024-22454?
CVE-2024-22454 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-22454?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Powerprotect Data Manager.