CVE-2020-5356 HIGH

CVE-2020-5356

Vendor Dell
Product Power Protect Data Manager
Weakness CWE-285
Published July 6, 2020
Last update September 16, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.

Key dates

02Disclosure timeline

July 6, 2020 CVE published
September 16, 2024 Record updated