"Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products"

Dell is urging customers of its PowerProtect products to review a newly released security advisory and patch a series of potentially serious vulnerabilities. Dell noted that the vulnerabilities impact PowerProtect Data Domain (DD) series appliances, which are designed to help organizations protect, manage, and recover data at scale. APEX Protect Storage, PowerProtect DD Management Center, PowerProtect DP series appliances, and PowerProtect Data Manager appliances are also affected. Dell announced that the most serious flaw (CVE-2023-44286) has a CVSS score of 8.8 and is described as a DOM-based cross-site scripting (XSS) issue that allows a remote, unauthenticated attacker to inject malicious code into the targeted user’s browser. Exploitation could lead to client-side request forgery, session theft, and information disclosure. Dell also said that several other vulnerabilities have been assigned a high severity rating, including OS command injection and improper access control flaws. Dell noted that the command injection bugs can be exploited to execute arbitrary commands on the underlying operating system with the privileges of the vulnerable application, and they could allow an attacker to take over the targeted system.

 

SecurityWeek reports: "Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products"

Submitted by Adam Ekwall on