Dell EMC Data Protection Advisor 6.4 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) Vulnerability

Summary

Dell EMC Data Protection Advisor 6.4 suffers from improper neutralization of special elements used in an os command (‘OS Command Injection’) vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://www.dell.com/support/security/en-us/details/542719/DSA-2020-081-Dell-EMC-Data-Protection-Advisor-OS-Command-Injection-Vulnerability


Details

Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system.

 

Vulnerable Systems:

Dell EMC Data Protection Advisor 6.4

Dell EMC Data Protection Advisor 6.5 

Dell EMC Data Protection Advisor 18.1

 

CVE Information:

CVE-2020-5352

 

Disclosure Timeline:
Published Date:7/6/2020

Categories: FeaturedNews