mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
117 lines
4.8 KiB
JSON
117 lines
4.8 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-22426",
|
|
"ASSIGNER": "secure@dell.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
|
|
"cweId": "CWE-434"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Dell",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "RecoverPoint for VMs",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "5.3 SP2"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "5.3 SP2 P1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "5.3 SP2 P2"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "5.3 SP2 P4"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "5.3 SP3 P1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "5.3 SP3 P2"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "6.0.SP1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities",
|
|
"refsource": "MISC",
|
|
"name": "https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities"
|
|
},
|
|
{
|
|
"url": "https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities",
|
|
"refsource": "MISC",
|
|
"name": "https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.1.0-dev"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.2,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "HIGH",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |