Dell Data Protection Central update for third-party component



Risk: High
Patch available: YES
Number of vulnerabilities: 17
CVE-ID: CVE-2024-37370, CVE-2023-32695, CVE-2024-42461, CVE-2023-31442, CVE-2024-25062, CVE-2023-52428, CVE-2024-21147, CVE-2024-8883, CVE-2024-3656, CVE-2024-7341, CVE-2024-47554, CVE-2024-8698, CVE-2024-2700, CVE-2024-2419, CVE-2024-1249, CVE-2024-4540, CVE-2024-1132
CWE-ID: CWE-20, CWE-248, CWE-347, CWE-350, CWE-416, CWE-400, CWE-601, CWE-264, CWE-384, CWE-312, CWE-22, CWE-200
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #12 is available.
Vulnerable software: Dell Data Protection Central (Other software / Other software solutions)
Vendor: Dell

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU93518

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-37370

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Uncaught Exception

EUVDB-ID: #VU78488

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-32695

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling. A remote attacker can send a specially crafted Socket.IO packet to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU97604

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-42461

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling BER-encoded ECDSA signatures. A remote attacker can bypass signature-based security checks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Reliance on Reverse DNS Resolution for a Security-Critical Action

EUVDB-ID: #VU103643

Risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-31442

CWE-ID: CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists because the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records. A remote attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU86052

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-25062

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in xmlValidatePopElement when using the XML Reader interface with DTD validation and XInclude expansion enabled. A remote attacker can pass a specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource exhaustion

EUVDB-ID: #VU87615

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-52428

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user requests by the PasswordBasedDecrypter (PBKDF2) component. A remote attacker can send a specially crafted request using a large JWE p2c header, trigger resource exhaustion and perform a denial of service (DoS) attack.
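A defensive pre-check for the issue described above, as an added example that is not code from the bulletin or from the affected library: it reads the protected header of a JWE compact token and rejects an out-of-range p2c before any PBKDF2 work is done. The limits MIN_P2C, MAX_P2C and MAX_HEADER_CHARS, and the sample tokens, are assumptions chosen for illustration.

```python
import base64
import json

# Assumed policy values for this example; set them to match your own deployment.
MIN_P2C = 1_000            # floor on the PBKDF2 iteration count
MAX_P2C = 1_000_000        # ceiling on the iteration count accepted from a token
MAX_HEADER_CHARS = 8 * 1024
PBES2_ALGS = {"PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"}


class RejectedToken(ValueError):
    """Raised when a token must be refused before key derivation starts."""


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_jwe_header(compact_jwe: str) -> dict:
    """Return the protected header, or raise RejectedToken. No crypto is run here."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise RejectedToken("not a five-part JWE compact serialization")
    if len(parts[0]) > MAX_HEADER_CHARS:
        raise RejectedToken("protected header too large")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise RejectedToken("protected header is not valid JSON") from exc
    if not isinstance(header, dict):
        raise RejectedToken("protected header is not a JSON object")
    if header.get("alg") not in PBES2_ALGS:
        return header  # p2c is only meaningful for the PBES2 algorithms
    p2c = header.get("p2c")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        raise RejectedToken("p2c missing or not an integer")
    if not MIN_P2C <= p2c <= MAX_P2C:
        raise RejectedToken(f"p2c {p2c} outside {MIN_P2C}..{MAX_P2C}")
    return header


def is_accepted(compact_jwe: str) -> bool:
    try:
        check_jwe_header(compact_jwe)
        return True
    except RejectedToken:
        return False


def sample_token(header: dict) -> str:
    """Constructed sample: a real header followed by four dummy segments."""
    raw = json.dumps(header, separators=(",", ":")).encode()
    head = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([head, "AAAA", "AAAA", "AAAA", "AAAA"])


if __name__ == "__main__":
    pbes2 = {"alg": "PBES2-HS256+A128KW", "enc": "A128GCM", "p2s": "c2FsdA"}
    for count in (310_000, 2_147_483_647):
        print(count, is_accepted(sample_token({**pbes2, "p2c": count})))
```

Run the check at the edge (gateway or filter) so oversized values never reach the decrypter.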

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU94555

Risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21147

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Open redirect

EUVDB-ID: #VU97622

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-8883

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to an arbitrary URL.

The vulnerability exists due to a misconfiguration when handling redirects. A remote attacker can create a link that appears to lead to a trusted website but, when clicked, redirects the victim to an arbitrary domain if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU93093

Risk: Medium

CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-3656

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to improperly imposed security restrictions on the administrative features. A remote low-privileged user can use administrative functionality within the Keycloak admin interface and escalate privileges within the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Session Fixation

EUVDB-ID: #VU97432

Risk: Medium

CVSSv4.0: 4.4 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7341

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a session fixation issue in the SAML adapters. A remote user who hijacks the current session before authentication can trigger session fixation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource exhaustion

EUVDB-ID: #VU98025

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47554

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources when handling untrusted input passed to the org.apache.commons.io.input.XmlStreamReader class. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper verification of cryptographic signature

EUVDB-ID: #VU97621

Risk: Medium

CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2024-8698

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: Yes

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to improper validation of SAML signature within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. A remote user can create crafted responses that bypass the validation, potentially leading to privilege escalation or impersonation attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) Cleartext storage of sensitive information

EUVDB-ID: #VU91686

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-2700

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to cleartext storage of sensitive information in an environment variable. A local user can exploit this vulnerability to obtain local configuration properties information, and use this information to launch further attacks against the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Path traversal

EUVDB-ID: #VU88794

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-2419

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to an error in the redirect_uri validation logic within org.keycloak.protocol.oidc.utils. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU88799

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1249

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because "checkLoginIframe" allows unvalidated cross-origin messages. Without proper origin validation for incoming messages, a remote attacker can send millions of requests in seconds using simple code, significantly impacting the application's availability.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information disclosure

EUVDB-ID: #VU93088

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-4540

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in the OAuth 2.0 Pushed Authorization Requests (PAR) implementation. Client-provided parameters are included in plain text in the KC_RESTART cookie returned in the authorization server's HTTP response to a request_uri authorization request. A local user with access to the system can use the cookie to gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Path traversal

EUVDB-ID: #VU88798

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1132

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to improper validation of URLs included in a redirect in org.keycloak.protocol.oidc. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Note, the vulnerability affects any client that utilizes a wildcard in the Valid Redirect URIs field.
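How a wildcard entry in a Valid Redirect URIs list can be matched safely, as an added general illustration that is not Keycloak's code or the vendor's fix: the candidate is decoded and checked for dot segments before any prefix comparison. The function names, the `/*` suffix convention and the example.test hosts are assumptions made for this sketch.

```python
from urllib.parse import unquote, urlsplit


def _stable_decoded_path(path: str):
    """Percent-decode until the value stops changing; give up after four rounds."""
    for _ in range(4):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    return None  # still changing: treat deeply nested encoding as hostile


def redirect_allowed(candidate: str, valid_uris: list) -> bool:
    """True only if candidate matches an entry exactly or under a '/*' wildcard."""
    # Whitespace, control characters and backslashes have no place in a redirect URI.
    if any(ch.isspace() or ord(ch) < 0x20 or ch == "\\" for ch in candidate):
        return False
    try:
        url = urlsplit(candidate)
    except ValueError:
        return False
    # Reject userinfo ("trusted@other-host") and non-web schemes outright.
    if url.scheme not in ("http", "https") or "@" in url.netloc or not url.hostname:
        return False
    path = _stable_decoded_path(url.path or "/")
    if path is None or "\\" in path:
        return False
    # Dot segments are refused rather than normalized, so that the path the
    # check sees is the same path every downstream component will see.
    if any(segment in (".", "..") for segment in path.split("/")):
        return False
    for entry in valid_uris:
        allowed = urlsplit(entry)
        if (allowed.scheme, allowed.netloc.lower()) != (url.scheme, url.netloc.lower()):
            continue
        if allowed.path.endswith("/*"):
            if path.startswith(allowed.path[:-1]):  # keep the trailing "/"
                return True
        elif path == (allowed.path or "/"):
            return True
    return False


# Constructed sample configuration and inputs.
VALID = ["https://app.example.test/cb/*", "https://app.example.test/login"]

if __name__ == "__main__":
    for uri in (
        "https://app.example.test/cb/done",
        "https://app.example.test/cb/%2e%2e/admin",
        "https://app.example.test@other.example.test/cb/done",
    ):
        print(uri, redirect_allowed(uri, VALID))
```

Exact entries are preferable to wildcards wherever the client's callback URLs are known in advance.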

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell Data Protection Central: 19.9 - 19.11.0-2

External links

https://www.dell.com/support/kbdoc/nl-nl/000297536/dsa-2025-138-security-update-for-dell-data-protection-central-for-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


