CVE-2024-25971
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-25971
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dell PowerProtect Data Manager 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dell PowerProtect Data Manager(PPDM)是美国戴尔(Dell)公司的一套数据保护解决方案。该产品支持数据备份、虚拟机备份和数据库保护等功能。 Dell PowerProtect Data Manager 19.15版本存在代码问题漏洞,该漏洞源于存在XML外部实体注入漏洞,远程高权限攻击者可能会利用此漏洞导致信息泄露、拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Dell | PowerProtect Data Manager | N/A ~ 19.16 | - |
II. Public POCs for CVE-2024-25971
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-25971
请登录查看更多情报信息。
Same Patch Batch · Dell · 2024-03-28 · 10 CVEs total
| CVE-2024-25959 | 7.9 HIGH | Dell PowerScale OneFS 日志信息泄露漏洞 |
| CVE-2024-25960 | 7.3 HIGH | Dell PowerScale OneFS 安全漏洞 |
| CVE-2024-25955 | 7.2 HIGH | Dell vApp Manager 操作系统命令注入漏洞 |
| CVE-2024-25946 | 7.2 HIGH | Dell vApp Manager 操作系统命令注入漏洞 |
| CVE-2024-25953 | 6.0 MEDIUM | Dell PowerScale OneFS 安全漏洞 |
| CVE-2024-25952 | 6.0 MEDIUM | Dell PowerScale OneFS 安全漏洞 |
| CVE-2024-25961 | 6.0 MEDIUM | Dell PowerScale OneFS 安全漏洞 |
| CVE-2024-25963 | 5.9 MEDIUM | Dell PowerScale OneFS 加密问题漏洞 |
| CVE-2024-25954 | 5.3 MEDIUM | Dell PowerScale OneFS 代码问题漏洞 |
IV. Related Vulnerabilities
Same product: PowerProtect Data Manager
Same weakness: CWE-611
- CVE-2026-46722
XML External Entity Injection in extension "Faceted Search" - CVE-2026-44445
ERPNext: XML External Entity (XEE) Reference Vulnerability i - CVE-2026-41895
changedetection.io: XXE vulnerability in the changedetection - CVE-2026-41936
Vvveb < 1.0.8.2 XML External Entity Injection via Import - CVE-2026-40682
Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntr
V. Comments for CVE-2024-25971
No comments yet