High
| Third-party Component | CVEs | More Information |
| --- | --- | --- |
| Apache Tomcat | CVE-2024-24549, CVE-2024-23672, CVE-2021-24122, CVE-2022-34305, CVE-2023-42794, CVE-2024-21733 | See NVD link below for individual scores for each CVE. |
| libexpat | CVE-2023-52425 | See NVD link below for individual scores for each CVE. |
| Python | CVE-2024-0450 | See NVD link below for individual scores for each CVE. |

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2024-22461 | Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. A low-privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to root-level access and compromise of the complete system. | 8.8 | |
| CVE-2024-48008 | Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. A low-privileged remote attacker could potentially exploit this vulnerability, leading to information disclosure and allowing unintended actions such as reading files that may contain sensitive information. | 5.3 | |
| CVE-2024-38488 | Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper Restriction of Excessive Authentication vulnerability. A network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise. | 6.5 | |
| CVE-2024-24902 | Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper Access Control vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to access to unauthorized data for a limited time. | 6.6 | |
| CVE-2024-47984 | Dell RecoverPoint for Virtual Machines 6.0.x contains a Denial of Service vulnerability. A user with remote access could potentially exploit this vulnerability, leading to disruption of most functionalities of the RPA that persists after reboot and requires technical support intervention to return the system to a stable state. | 4.4 | |
| CVE-2024-28980 | Dell RecoverPoint for VMs, version(s) 6.0.x, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. | 6.5 | |
| CVE-2024-48007 | Dell RecoverPoint for Virtual Machines 6.0.x contains a Use of Hard-coded Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system, leading to access to unauthorized data. | 5.3 | |

| Product | Affected Versions | Remediated Versions | Link |
| --- | --- | --- | --- |
| RecoverPoint for Virtual Machines | Versions 6.0 SP1 and 6.0 SP1 P1 | Version 6.0 SP1 P2 or later | https://www.dell.com/support/home/product-support/product/recoverpoint-for-virtual-machines/drivers |

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2024-12-13 | Initial Release |