Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.
References
Configurations
Configuration 1 (hide)
|
History
23 Sep 2024, 21:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* | |
Summary |
|
|
References | () https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities - Vendor Advisory | |
First Time |
Dell
Dell data Domain Operating System |
26 Jun 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-26 03:15
Updated : 2024-09-23 21:00
NVD link : CVE-2024-29174
Mitre link : CVE-2024-29174
CVE.ORG link : CVE-2024-29174
JSON object : View
Products Affected
dell
- data_domain_operating_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')