cvelistv5 - CVE-2020-5356

CVE-2020-5356 (GCVE-0-2020-5356)

Vulnerability from cvelistv5

Published

2020-07-06 17:45

Modified

2024-09-16 19:36

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-285 - Improper Authorization

Summary

References

▼	URL	Tags
	security_alert@emc.com	https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Dell	Power Protect Data Manager	Version: unspecified < PowerProtect Data Manager version 19.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:23.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Power Protect Data Manager",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "PowerProtect  Data Manager version 19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-06T17:45:17",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2020-06-22",
          "ID": "CVE-2020-5356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Power Protect Data Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "PowerProtect  Data Manager version 19.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 7.7,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285: Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2020-5356",
    "datePublished": "2020-07-06T17:45:17.910815Z",
    "dateReserved": "2020-01-03T00:00:00",
    "dateUpdated": "2024-09-16T19:36:53.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5356\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2020-07-06T18:15:20.857\",\"lastModified\":\"2024-11-21T05:33:58.377\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.\"},{\"lang\":\"es\",\"value\":\"Dell PowerProtect Data Manager (PPDM) versiones anteriores a 19.4 y Dell PowerProtect X400 versiones anteriores a 3.2, contienen una vulnerabilidad de autorizaci\u00f3n inapropiada. Un usuario malicioso autenticado remoto puede descargar cualquier archivo de las m\u00e1quinas virtuales PowerProtect afectadas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-285\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.4\",\"matchCriteriaId\":\"97014536-D1B6-4C1F-8137-AFEF31767D21\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:powerprotect_x400_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2\",\"matchCriteriaId\":\"D131522D-FE0F-4234-AC3C-A4724EF6FCC4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:powerprotect_x400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6999A98F-0204-4A50-94A9-66DB8F7D0E8C\"}]}]}],\"references\":[{\"url\":\"https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

var-202007-1293

Vulnerability from variot

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. The product supports functions such as data backup, virtual machine backup and database protection. PowerProtect X400 is a data management device

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1293",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "powerprotect data manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "19.4"
      },
      {
        "model": "powerprotect x400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.2"
      },
      {
        "model": "powerprotect data manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": "19.4"
      },
      {
        "model": "powerprotect x400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008062"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5356"
      }
    ]
  },
  "cve": "CVE-2020-5356",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-5356",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-183481",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-5356",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.1,
            "id": "CVE-2020-5356",
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-5356",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-5356",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2020-5356",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-5356",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-261",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-183481",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-261"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5356"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5356"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. The product supports functions such as data backup, virtual machine backup and database protection. PowerProtect X400 is a data management device",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008062"
      },
      {
        "db": "VULHUB",
        "id": "VHN-183481"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-5356",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008062",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-261",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "47109",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-183481",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-261"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5356"
      }
    ]
  },
  "id": "VAR-202007-1293",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183481"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:40:59.400000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2020-099",
        "trust": 0.8,
        "url": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability"
      },
      {
        "title": "Dell PowerProtect Data Manager  and PowerProtect X400 Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124638"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-261"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-552",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-285",
        "trust": 1.0
      },
      {
        "problemtype": "Externally accessible file or directory (CWE-552) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008062"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5356"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.dell.com/support/security/en-us/details/544733/dsa-2020-099-dell-powerprotect-data-manager-improper-authorization-vulnerability"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5356"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47109"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-261"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5356"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-183481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-261"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5356"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-183481"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008062"
      },
      {
        "date": "2020-07-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-261"
      },
      {
        "date": "2020-07-06T18:15:20.857000",
        "db": "NVD",
        "id": "CVE-2020-5356"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-183481"
      },
      {
        "date": "2020-09-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008062"
      },
      {
        "date": "2020-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-261"
      },
      {
        "date": "2024-11-21T05:33:58.377000",
        "db": "NVD",
        "id": "CVE-2020-5356"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-261"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell\u00a0PowerProtect\u00a0Data\u00a0Manager\u00a0 and \u00a0PowerProtect\u00a0X400\u00a0 Vulnerability in externally accessible files or directories in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008062"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-261"
      }
    ],
    "trust": 0.6
  }
}

gsd-2020-5356

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-5356

Aliases

CVE-2020-5356

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5356",
    "description": "Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.",
    "id": "GSD-2020-5356"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5356"
      ],
      "details": "Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.",
      "id": "GSD-2020-5356",
      "modified": "2023-12-13T01:22:03.873286Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "DATE_PUBLIC": "2020-06-22",
        "ID": "CVE-2020-5356",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Power Protect Data Manager",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "PowerProtect  Data Manager version 19.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 7.7,
          "baseSeverity": "High",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-285: Improper Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability",
            "refsource": "MISC",
            "url": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "19.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:powerprotect_x400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:powerprotect_x400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2020-5356"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-552"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-07-20T17:58Z",
      "publishedDate": "2020-07-06T18:15Z"
    }
  }
}

ghsa-f5jv-3q57-gqc5

Vulnerability from github

Published

2022-05-24 17:22

Modified

2022-05-24 17:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5356"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-06T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.",
  "id": "GHSA-f5jv-3q57-gqc5",
  "modified": "2022-05-24T17:22:27Z",
  "published": "2022-05-24T17:22:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5356"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cnvd-2021-00038

Vulnerability from cnvd

Title: Dell PowerProtect Data Manager和PowerProtect X400授权问题漏洞

Description:

Dell PowerProtect Data Manager（PPDM）和PowerProtect X400都是美国戴尔（Dell）公司的产品。Dell PowerProtect Data Manager是一套数据保护解决方案。该产品支持数据备份、虚拟机备份和数据库保护等功能。PowerProtect X400是一款数据管理设备。

Dell PPDM 19.4之前版本和PowerProtect X400 3.2之前版本中存在授权问题漏洞。远程攻击者可利用该漏洞从受影响的PowerProtect虚拟机下载任何文件。

Severity: 中

Patch Name: Dell PowerProtect Data Manager和PowerProtect X400授权问题漏洞的补丁

Patch Description:

Dell PPDM 19.4之前版本和PowerProtect X400 3.2之前版本中存在授权问题漏洞。远程攻击者可利用该漏洞从受影响的PowerProtect虚拟机下载任何文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-5356

Impacted products

Name
['Dell PowerProtect Data Manager（PPDM） <19.4', 'Dell PowerProtect X400 <3.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5356"
    }
  },
  "description": "Dell PowerProtect Data Manager\uff08PPDM\uff09\u548cPowerProtect X400\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell PowerProtect Data Manager\u662f\u4e00\u5957\u6570\u636e\u4fdd\u62a4\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u6570\u636e\u5907\u4efd\u3001\u865a\u62df\u673a\u5907\u4efd\u548c\u6570\u636e\u5e93\u4fdd\u62a4\u7b49\u529f\u80fd\u3002PowerProtect X400\u662f\u4e00\u6b3e\u6570\u636e\u7ba1\u7406\u8bbe\u5907\u3002\n\nDell PPDM 19.4\u4e4b\u524d\u7248\u672c\u548cPowerProtect X400 3.2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u53d7\u5f71\u54cd\u7684PowerProtect\u865a\u62df\u673a\u4e0b\u8f7d\u4efb\u4f55\u6587\u4ef6\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-00038",
  "openTime": "2021-01-02",
  "patchDescription": "Dell PowerProtect Data Manager\uff08PPDM\uff09\u548cPowerProtect X400\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell PowerProtect Data Manager\u662f\u4e00\u5957\u6570\u636e\u4fdd\u62a4\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u6570\u636e\u5907\u4efd\u3001\u865a\u62df\u673a\u5907\u4efd\u548c\u6570\u636e\u5e93\u4fdd\u62a4\u7b49\u529f\u80fd\u3002PowerProtect X400\u662f\u4e00\u6b3e\u6570\u636e\u7ba1\u7406\u8bbe\u5907\u3002\r\n\r\nDell PPDM 19.4\u4e4b\u524d\u7248\u672c\u548cPowerProtect X400 3.2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u53d7\u5f71\u54cd\u7684PowerProtect\u865a\u62df\u673a\u4e0b\u8f7d\u4efb\u4f55\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell PowerProtect Data Manager\u548cPowerProtect X400\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell PowerProtect Data Manager\uff08PPDM\uff09 \u003c19.4",
      "Dell PowerProtect X400 \u003c3.2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-5356",
  "serverity": "\u4e2d",
  "submitTime": "2020-07-07",
  "title": "Dell PowerProtect Data Manager\u548cPowerProtect X400\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

fkie_cve-2020-5356

Vulnerability from fkie_nvd

Published

2020-07-06 18:15

Modified

2024-11-21 05:33

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

▼	URL	Tags
	security_alert@emc.com	https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability	Vendor Advisory

Impacted products

Vendor	Product	Version
dell	powerprotect_data_manager	*
dell	powerprotect_x400_firmware	*
dell	powerprotect_x400	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97014536-D1B6-4C1F-8137-AFEF31767D21",
              "versionEndExcluding": "19.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:powerprotect_x400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D131522D-FE0F-4234-AC3C-A4724EF6FCC4",
              "versionEndExcluding": "3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:powerprotect_x400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6999A98F-0204-4A50-94A9-66DB8F7D0E8C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines."
    },
    {
      "lang": "es",
      "value": "Dell PowerProtect Data Manager (PPDM) versiones anteriores a 19.4 y Dell PowerProtect X400 versiones anteriores a 3.2, contienen una vulnerabilidad de autorizaci\u00f3n inapropiada. Un usuario malicioso autenticado remoto puede descargar cualquier archivo de las m\u00e1quinas virtuales PowerProtect afectadas"
    }
  ],
  "id": "CVE-2020-5356",
  "lastModified": "2024-11-21T05:33:58.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-06T18:15:20.857",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-5356 (GCVE-0-2020-5356)

Vulnerability from cvelistv5

var-202007-1293

Vulnerability from variot

gsd-2020-5356

Vulnerability from gsd

ghsa-f5jv-3q57-gqc5

Vulnerability from github

cnvd-2021-00038

Vulnerability from cnvd

fkie_cve-2020-5356

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature