Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Dell EMC Integrated Data Protection Appliance 操作系统命令注入漏洞
Vulnerability Description
Dell EMC Integrated Data Protection Appliance是美国戴尔(Dell)公司的一套基于磁盘的备份和恢复解决方案。ACM是其中的一个应用配置管理组件。 Dell EMC Integrated Data Protection Appliance中的ACM组件存在操作系统命令注入漏洞。攻击者可借助特制参数利用该漏洞操纵密码和执行恶意命令。以下产品及版本受到影响:Dell EMC Integrated Data Protection Appliance 2.0版本,2.1版
CVSS Information
N/A
Vulnerability Type
N/A