Impact
The vulnerability is a use of uninitialized resources that allows an attacker with low privileged local access to potentially reveal sensitive information. This weakness is classified under CWE‑908 and can lead to unauthorized data disclosure within the affected Dell PowerProtect Data Domain system.
Affected Systems
Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7, LTS2026 release 8.6.1.0 through 8.6.1.10, LTS2025 release 8.3.1.0 through 8.3.1.30, and LTS2024 release 7.13.1.0 through 7.13.1.70 are impacted.
Risk and Exploitability
The CVSS score of 3.3 indicates low severity, and the EPSS score is not available. The vulnerability is listed in no KEV catalog. The likely exploitation path requires local, low privileged access, making it less exploitable from a remote perspective. Nonetheless, if an attacker gains local access they could read uninitialized data leading to information disclosure.
OpenCVE Enrichment