CVE-2024-25971
MEDIUM WAF: High
CVSS 6.5
Published: 2024-03-28
CWE-611
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| dell | powerprotect_data_manager | up to 19.16 |
References
- www.dell.com (Vendor Advisory)