Description
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
Published: 2026-04-17
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in Dell PowerProtect Data Domain allows a low‑privileged attacker with remote access to obtain sensitive information that should remain confidential. The flaw is classified under CWE‑200, indicating information exposure, and the updated data includes additional CWE identifiers that are also relevant to this issue, which could further clarify the exact nature of the weakness. No other impact such as integrity or availability is described in the supplied data.

Affected Systems

Dell PowerProtect Data Domain systems running Data Domain Operating System Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50 are affected.

Risk and Exploitability

The CVSS score is 4.3, placing the vulnerability in the low to moderate severity range. The EPSS score is 0.0001, indicating a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote access by a low‑privileged user, implying that an attacker with network reach and some local privileges could exploit the information‑exposure flaw but would need to authenticate or otherwise navigate the system’s access controls. Because the impact is limited to confidentiality and the severity is low, the risk is considered moderate.

Generated by OpenCVE AI on May 5, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell security update for PowerProtect Data Domain referenced in the Dell advisory (KB000450699).
  • Upgrade the Data Domain Operating System to a non‑affected version, ensuring the current install is beyond the ranges listed above.
  • Restrict remote access to trusted IP ranges and enforce least‑privilege authentication policies to reduce the opportunity for low‑privileged attackers.

Generated by OpenCVE AI on May 5, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 17:00:00 +0000

Type Values Removed Values Added
Title Remote Access Sensitive Information Exposure in Dell PowerProtect Data Domain

Tue, 05 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell data Domain Operating System
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:lts:*:*:*
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
Vendors & Products Dell data Domain Operating System

Sat, 18 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
Title Remote Access Sensitive Information Exposure in Dell PowerProtect Data Domain

Fri, 17 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerprotect Data Domain
Vendors & Products Dell
Dell powerprotect Data Domain

Fri, 17 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 12:00:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Dell Data Domain Operating System Powerprotect Data Domain
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-17T13:14:12.461Z

Reserved: 2026-01-16T06:05:50.873Z

Link: CVE-2026-23777

cve-icon Vulnrichment

Updated: 2026-04-17T13:14:07.958Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-17T12:16:32.343

Modified: 2026-05-05T15:01:14.033

Link: CVE-2026-23777

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T17:00:10Z

Weaknesses