Details of VAR-202312-0860

ID

VAR-202312-0860

CVE

CVE-2023-44284

TITLE

Dell PowerProtect Data Domain SQL Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-02570

DESCRIPTION

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices for data protection, backup, storage and deduplication from Dell (Dell). Dell PowerProtect Data Domain has a SQL injection vulnerability, which is caused by the lack of validation of external input SQL statements

Trust: 1.44

sources: NVD: CVE-2023-44284 // CNVD: CNVD-2025-02570

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-02570

AFFECTED PRODUCTS

vendor:	dell	model:	emc data domain os	scope:	gte	version:	7.0	Trust: 1.0
vendor:	dell	model:	powerprotect data domain	scope:	gte	version:	7.0	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	gte	version:	7.0	Trust: 1.0
vendor:	dell	model:	powerprotect data domain	scope:	lt	version:	7.12.0.0	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	lt	version:	7.10.1.15	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	lt	version:	7.10.1.15	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	lt	version:	7.12.0.0	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	lt	version:	7.7.5.25	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	gte	version:	7.10	Trust: 1.0
vendor:	dell	model:	apex protection storage	scope:	lt	version:	7.10.1.15	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	lt	version:	7.7.5.25	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	gte	version:	7.10	Trust: 1.0
vendor:	dell	model:	powerprotect data protection	scope:	lt	version:	2.7.6	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	gte	version:	7.7	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	gte	version:	7.7	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	lt	version:	7.13.0.10	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	lt	version:	6.2.1.110	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	lt	version:	6.2.1.110	Trust: 1.0
vendor:	dell	model:	powerprotect data domain	scope:	lt	version:	6.2.1.110	Trust: 1.0
vendor:	dell	model:	apex protection storage	scope:	gte	version:	7.0	Trust: 1.0
vendor:	dell	model:	apex protection storage	scope:	lt	version:	6.2.1.110	Trust: 1.0
vendor:	dell	model:	powerprotect data domain	scope:	lt	version:	7.13.0.10	Trust: 0.6
vendor:	dell	model:	powerprotect data domain <lts	scope:	eq	version:	7.7.5.25	Trust: 0.6
vendor:	dell	model:	powerprotect data domain <lts	scope:	eq	version:	7.10.1.15	Trust: 0.6
vendor:	dell	model:	powerprotect data domain	scope:	eq	version:	6.2.1.110	Trust: 0.6

sources: CNVD: CNVD-2025-02570 // NVD: CVE-2023-44284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-44284
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2023-44284
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-02570
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-02570
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-44284
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2025-02570 // NVD: CVE-2023-44284 // NVD: CVE-2023-44284

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.0

sources: NVD: CVE-2023-44284

PATCH

title:

Patch for Dell PowerProtect Data Domain SQL Injection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/652866

Trust: 0.6

sources: CNVD: CNVD-2025-02570

EXTERNAL IDS

db:	NVD	id:	CVE-2023-44284	Trust: 1.6
db:	CNVD	id:	CNVD-2025-02570	Trust: 0.6

sources: CNVD: CNVD-2025-02570 // NVD: CVE-2023-44284

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2023-44284	Trust: 0.6

sources: CNVD: CNVD-2025-02570 // NVD: CVE-2023-44284

SOURCES

db:	CNVD	id:	CNVD-2025-02570
db:	NVD	id:	CVE-2023-44284

LAST UPDATE DATE

2025-02-07T23:15:38.545000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-02570	date:	2025-02-06T00:00:00
db:	NVD	id:	CVE-2023-44284	date:	2023-12-27T19:31:19.403

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-02570	date:	2024-01-22T00:00:00
db:	NVD	id:	CVE-2023-44284	date:	2023-12-14T16:15:46.880