Description
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
Published: 2026-02-19
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation / Protection Mechanism Bypass
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an improper verification of the source of a communication channel in the REST API of Dell PowerProtect Data Manager. A remote, high‑privileged attacker could exploit this flaw to bypass built‑in protection mechanisms, potentially gaining unauthorized control over the system or accessing protected data.

Affected Systems

Dell PowerProtect Data Manager versions prior to 19.22 are affected.

Risk and Exploitability

The CVSS score of 4.7 places this vulnerability in the Medium severity band. The EPSS score of less than 1% shows a very low but nonzero likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is a remote attacker who already has high privileges; once remote API access is achieved, the attacker can exploit the improper source verification to bypass protection controls.

Generated by OpenCVE AI on April 18, 2026 at 11:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell security update for PowerProtect Data Manager described in the Dell Security Advisory referenced above.
  • Ensure the system is upgraded to a version equal to or greater than 19.22 so the vulnerability is remediated.
  • If an upgrade cannot be performed immediately, restrict network and API access to trusted hosts and enforce strict authentication so that only authorized personnel can reach the REST API.



Advisories

No advisories yet.

History

Sat, 18 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title Improper Source Verification in Dell PowerProtect Data Manager REST API

Fri, 20 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:*

Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerprotect Data Manager
Vendors & Products Dell
Dell powerprotect Data Manager

Thu, 19 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
Weaknesses CWE-940
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-20T16:09:36.834Z

Reserved: 2026-01-07T06:43:46.537Z

Link: CVE-2026-22269

Vulnrichment

Updated: 2026-02-20T16:09:20.476Z

NVD

Status: Analyzed

Published: 2026-02-19T09:16:11.430

Modified: 2026-02-20T16:36:41.030

Link: CVE-2026-22269

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T12:00:05Z
