Critical
Third-Party Component | CVEs | More information |
---|---|---|
Intel | CVE-2023-39432, CVE-2023-33870, CVE-2023-29153 | DSA-2024-001 |
TianoCore EDK2 | CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237 | DSA-2023-357 |
BIOS | CVE-2023-32460 | DSA-2023-361 |
PowerEdge Server BIOS | CVE-2024-0172 | DSA-2024-035 |
Intel | CVE-2022-40982, CVE-2022-43505, CVE-2023-47165, CVE-2024-21828 | INTEL-SA-00828 |
Hypervisor Manager | CVE-2023-34048, CVE-2023-34056 | VMSA-2023-0023 |
Appliance OS | CVE-2023-46604, CVE-2022-1245, CVE-2015-7501, CVE-2023-6378, CVE-2023-44487, CVE-2023-34462, CVE-2023-35116 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2024-24908 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to deletion of arbitrary files stored on the server filesystem. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2024-22460 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Insecure Deserialization vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. | 2.2 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N |
Product | Affected Versions | Updated Version | Link |
---|---|---|---|
Dell PowerProtect Data Manager DM5500 Appliance | Versions 5.15 and prior | 5.16 | https://dl.dell.com/downloads/X8M5P_PowerProtect-Data-Manager-DM5500-Appliance-5.16.0.0-Upgrade-file.pkg |
Revision | Date | Description |
---|---|---|
1.0 | 2024-05-07 | Initial Release |
2.0 | 2024-05-16 | Updated Third-Party Component table |
3.0 | 2024-08-12 | Added PowerEdge Server BIOS CVE to the Third-Party Component table |