ID

VAR-202007-1293


CVE

CVE-2020-5356


TITLE

Externally accessible files or directories vulnerability in Dell PowerProtect Data Manager and PowerProtect X400

Trust: 0.8

sources: JVNDB: JVNDB-2020-008062

DESCRIPTION

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. The product supports functions such as data backup, virtual machine backup and database protection. PowerProtect X400 is a data management device.

Trust: 1.71

sources: NVD: CVE-2020-5356 // JVNDB: JVNDB-2020-008062 // VULHUB: VHN-183481

AFFECTED PRODUCTS

vendor: dell, model: powerprotect data manager, scope: lt, version: 19.4

Trust: 1.0

vendor: dell, model: powerprotect x400, scope: lt, version: 3.2

Trust: 1.0

vendor: デル, model: powerprotect data manager, scope: lt, version: 19.4

Trust: 0.8

vendor: デル, model: powerprotect x400, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008062 // NVD: CVE-2020-5356

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5356
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2020-5356
value: HIGH

Trust: 1.0

NVD: CVE-2020-5356
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-261
value: MEDIUM

Trust: 0.6

VULHUB: VHN-183481
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5356
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-183481
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5356
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-5356
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2020-5356
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183481 // JVNDB: JVNDB-2020-008062 // CNNVD: CNNVD-202007-261 // NVD: CVE-2020-5356 // NVD: CVE-2020-5356

PROBLEMTYPE DATA

problemtype: CWE-552

Trust: 1.1

problemtype: CWE-285

Trust: 1.0

problemtype: Externally accessible file or directory (CWE-552) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-183481 // JVNDB: JVNDB-2020-008062 // NVD: CVE-2020-5356

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-261

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202007-261

PATCH

title: DSA-2020-099
url: https://www.dell.com/support/security/en-us/details/544733/DSA-2020-099-Dell-PowerProtect-Data-Manager-Improper-Authorization-Vulnerability

Trust: 0.8

title: Dell PowerProtect Data Manager and PowerProtect X400 Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124638

Trust: 0.6

sources: JVNDB: JVNDB-2020-008062 // CNNVD: CNNVD-202007-261

EXTERNAL IDS

db: NVD, id: CVE-2020-5356

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008062

Trust: 0.8

db: CNNVD, id: CNNVD-202007-261

Trust: 0.7

db: NSFOCUS, id: 47109

Trust: 0.6

db: VULHUB, id: VHN-183481

Trust: 0.1

sources: VULHUB: VHN-183481 // JVNDB: JVNDB-2020-008062 // CNNVD: CNNVD-202007-261 // NVD: CVE-2020-5356

REFERENCES

url:https://www.dell.com/support/security/en-us/details/544733/dsa-2020-099-dell-powerprotect-data-manager-improper-authorization-vulnerability

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-5356

Trust: 1.4

url:http://www.nsfocus.net/vulndb/47109

Trust: 0.6

sources: VULHUB: VHN-183481 // JVNDB: JVNDB-2020-008062 // CNNVD: CNNVD-202007-261 // NVD: CVE-2020-5356

SOURCES

db: VULHUB, id: VHN-183481
db: JVNDB, id: JVNDB-2020-008062
db: CNNVD, id: CNNVD-202007-261
db: NVD, id: CVE-2020-5356

LAST UPDATE DATE

2024-11-23T22:40:59.400000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183481, date: 2020-07-20T00:00:00
db: JVNDB, id: JVNDB-2020-008062, date: 2020-09-03T00:00:00
db: CNNVD, id: CNNVD-202007-261, date: 2020-07-21T00:00:00
db: NVD, id: CVE-2020-5356, date: 2024-11-21T05:33:58.377

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183481, date: 2020-07-06T00:00:00
db: JVNDB, id: JVNDB-2020-008062, date: 2020-09-03T00:00:00
db: CNNVD, id: CNNVD-202007-261, date: 2020-07-06T00:00:00
db: NVD, id: CVE-2020-5356, date: 2020-07-06T18:15:20.857