CVE-2024-37135
https://notcve.org/view.php?id=CVE-2024-37135
DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. • https://www.dell.com/support/kbdoc/en-us/000227424/dsa-2024-290-security-update-for-dell-powerprotect-data-manager-appliance-dm5500-for-multiple-vulnerabilities • CWE-256: Plaintext Storage of a Password •
CVE-2024-22460
https://notcve.org/view.php?id=CVE-2024-22460
Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. Dell PowerProtect DM5500 versión 5.15.0.0 y anteriores contiene una vulnerabilidad de deserialización insegura. Un atacante remoto con altos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la ejecución de código arbitrario en la aplicación vulnerable. • https://www.dell.com/support/kbdoc/en-us/000224843/dsa-2024-083-security-update-for-dell-powerprotect-data-manager-appliance-for-multiple-vulnerabilities • CWE-502: Deserialization of Untrusted Data •
CVE-2024-24908
https://notcve.org/view.php?id=CVE-2024-24908
Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem. Dell PowerProtect DM5500 versión 5.15.0.0 y anteriores contienen una vulnerabilidad de eliminación arbitraria de archivos mediante Path Traversal. Un atacante remoto con altos privilegios podría explotar esta vulnerabilidad para eliminar archivos arbitrarios almacenados en el sistema de archivos del servidor. • https://www.dell.com/support/kbdoc/en-us/000224843/dsa-2024-083-security-update-for-dell-powerprotect-data-manager-appliance-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •