Dell Powerprotect Data Manager
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Dell Powerprotect Data Manager.
By the Year
In 2026 there have been 4 vulnerabilities in Dell Powerprotect Data Manager with an average score of 6.0 out of ten. Last year, in 2025 Powerprotect Data Manager had 10 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Powerprotect Data Manager in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.67
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 5.95 |
| 2025 | 10 | 6.62 |
| 2024 | 3 | 7.50 |
| 2023 | 1 | 8.80 |
It may take a day or so for new Powerprotect Data Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Dell Powerprotect Data Manager Security Vulnerabilities
Dell PowerProtect DM <19.22: Incorrect Priv Assignment (ELEV)
CVE-2026-22267
8.1 - High
- February 19, 2026
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
Incorrect Privilege Assignment
Dell PowerProtect DM <19.22: Incorrect Privilege Assignment (DoS)
CVE-2026-22268
6.3 - Medium
- February 19, 2026
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.
Incorrect Privilege Assignment
Dell PowerProtect DM Improper Comm Channel Verification <19.22 (REST API)
CVE-2026-22266
4.7 - Medium
- February 19, 2026
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
Improper Neutralization of Expression/Command Delimiters
Dell PowerProtect Data Manager <19.22 Improper Verif. of Channel Source
CVE-2026-22269
4.7 - Medium
- February 19, 2026
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
Improper Verification of Source of a Communication Channel
Dell PowerProtect Data Manager 19.19/19.20 - HyperV Path Traversal
CVE-2025-43886
4.4 - Medium
- September 10, 2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
Path Traversal: '.../...//'
Dell PowerProtect DM 19.19-20 Elevation via Hyper-V Incorrect Default Permissions
CVE-2025-43887
7 - High
- September 10, 2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Incorrect Default Permissions
Dell PowerProtect DM AGM 19.19-19.20 Local Code Exec via Improper Permissions
CVE-2025-43725
7.8 - High
- September 10, 2025
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Incorrect Default Permissions
Dell PowerProtect Data Manager 19.19-19.20 OS Command Injection in Hyper-V
CVE-2025-43885
7.8 - High
- September 10, 2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Shell injection
Dell PowerProtect Data Manager 19.19/19.20 OS Command Injection via Hyper-V
CVE-2025-43884
8.2 - High
- September 10, 2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Shell injection
Dell PPM 19.19/19.20 Log File Sensitive Info Insertion
CVE-2025-43888
8.8 - High
- September 10, 2025
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Insertion of Sensitive Information into Log File
Dell PowerProtect DM <=19.18 Improper Input Validation leaks files
CVE-2025-30480
- July 30, 2025
Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.
Improper Input Validation
Dell PowerProtect Data Manager Reporting 19.17 LPE via Privileged API Use
CVE-2025-23375
7.8 - High
- April 28, 2025
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Incorrect Use of Privileged APIs
Dell PP Manager Rpt 19.16-19.18: Improper Neutralization of tmpl Engine
CVE-2025-23376
4.4 - Medium
- April 28, 2025
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.
Code Injection
Dell PowerProtect DataMgr Reporting v19.17/19.18: Improper Encoding Vulnerability
CVE-2025-23377
3.4 - Low
- April 28, 2025
Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs.
Output Sanitization
Dell PowerProtect Data Manager 19.15 XML External Entity Injection (XEE)
CVE-2024-25971
6.5 - Medium
- March 28, 2024
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.
XXE
Weak password recovery in Dell PowerProtect Data Manager (pre-19.15)
CVE-2024-22454
8.8 - High
- February 13, 2024
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change
Weak Password Recovery Mechanism for Forgotten Password
Dell PowerProtect Data Manager <19.15 OS Command Injection
CVE-2024-22445
7.2 - High
- February 13, 2024
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Shell injection
Dell PPDM <=19.12 Improper Access Control Enables Low-Privilege Bypass
CVE-2023-28062
8.8 - High
- April 11, 2023
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Dell Powerprotect Data Manager or by Dell? Click the Watch button to subscribe.
