Description
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
Published: 2026-04-17
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Remote Access
Action: Apply Patch
AI Analysis

Impact

Dell PowerProtect Data Domain running Data Domain Operating System Feature Release 8.4 through 8.5 suffers from an improper authentication flaw (CWE‑287). A high‑privileged attacker who can reach the appliance remotely could potentially exploit the weakness, allowing that attacker to gain unauthorized access.

Affected Systems

Dell PowerProtect Data Domain appliances that run DD OS Feature Release 8.4 and 8.5 are affected. The flaw exists in the component that processes remote authentication requests.

Risk and Exploitability

The CVSS score of 6.6 indicates moderate severity. The EPSS score is reported as < 1 %, indicating a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires remote access and a high‑privileged attacker; once achieved, the attacker gains unauthorized capabilities on the appliance.

Generated by OpenCVE AI on April 18, 2026 at 19:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerProtect Data Domain security update available via the Dell support link, which includes the authentication flaw fix.
  • Implement strong authentication controls and enforce least‑privilege for any privileged accounts that access the appliance remotely.
  • Restrict the appliance's network exposure to trusted networks and monitor inbound connections for anomalous activity.

Generated by OpenCVE AI on April 18, 2026 at 19:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell data Domain Operating System
CPEs cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
Vendors & Products Dell data Domain Operating System

Sat, 18 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
Title Improper Authentication in Dell PowerProtect Data Domain 8.4-8.5

Fri, 17 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerprotect Data Domain
Vendors & Products Dell
Dell powerprotect Data Domain

Fri, 17 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Data Domain Operating System Powerprotect Data Domain
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-18T03:55:34.970Z

Reserved: 2025-04-26T05:03:53.129Z

Link: CVE-2025-46641

cve-icon Vulnrichment

Updated: 2026-04-17T12:09:26.422Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-17T12:16:32.207

Modified: 2026-05-05T14:56:27.687

Link: CVE-2025-46641

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T19:30:08Z

Weaknesses