CVE-2023-32465
https://notcve.org/view.php?id=CVE-2023-32465
Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker. • https://www.dell.com/support/kbdoc/en-us/000214943/dsa-2023-201-security-update-for-dell-powerprotect-cyber-recovery • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •
CVE-2022-34372
https://notcve.org/view.php?id=CVE-2022-34372
Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality Dell PowerProtect Cyber Recovery versiones anteriores a 19.11.0.2, contienen una vulnerabilidad de omisión de autenticación. Un atacante remoto no autenticado puede potencialmente acceder e interactuar con la API del registro de Docker, conllevando a una omisión de autenticación. El atacante puede potencialmente alterar las imágenes Docker, conllevando a una pérdida de integridad y confidencialidad • https://www.dell.com/support/kbdoc/en-us/000201970/dsa-2022-196-dell-emc-cyber-recovery-security-update-for-multiple-vulnerabilities • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2022-32481
https://notcve.org/view.php?id=CVE-2022-32481
Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover. Dell PowerProtect Cyber Recovery, versiones anteriores a 19.11, contienen una vulnerabilidad de escalada de privilegios en implementaciones de dispositivos virtuales. Un usuario autenticado poco privilegiado puede encadenar los comandos de Docker para escalar los privilegios a root, conllevando a una toma completa del sistema • https://support.emc.com/kb/000201213 •
CVE-2021-21512
https://notcve.org/view.php?id=CVE-2021-21512
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. Dell EMC PowerProtect Cyber ??Recovery, versión 19.7.0.1, contiene una vulnerabilidad de Divulgación de Información. Un usuario de Cyber ?? • https://www.dell.com/support/kbdoc/en-us/000183169/dsa-2021-038-dell-emc-powerprotect-cyber-recovery-security-update-for-unintended-information-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •