CVE-2024-22454 is a vulnerability in Dell Powerprotect Data Manager
Published on February 13, 2024
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change
Vulnerability Analysis
CVE-2024-22454 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Weak Password Recovery Mechanism for Forgotten Password
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
Products Associated with CVE-2024-22454
You can be notified by stack.watch whenever vulnerabilities like CVE-2024-22454 are published in these products:
What versions of Powerprotect Data Manager are vulnerable to CVE-2024-22454?
-
Dell Powerprotect Data Manager
Up to Version 19.15