Impact
This vulnerability arises from improper access control (CWE-284) within the RBAC mechanism of Dell PowerProtect Data Domain. It allows a low-privileged attacker with remote access to tamper with stored information, which could lead to data integrity violations if exploited.
Affected Systems
Dell PowerProtect Data Domain appliances running versions 7.7.1.0 through 8.6, LTS2026 release versions 8.6.1.0 through 8.6.1.10, LTS2025 release versions 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70 are affected.
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity. No EPSS score is available, so the likelihood of exploitation remains uncertain. Exploitation appears to require remote access to the Data Domain appliance, potentially through its management interface, with the attacker then leveraging the RBAC flaw to perform unauthorized modifications.