CVE-2022-34397 — Incorrect Authorization in Dell Unisphere FOR Powermax

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

5.7MEDIUMNVD

CNA6.9

EPSS

0.1%

top 81.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unisphere FOR Powermax Dell Evasa Provider Virtual Appliance Dell Solutions Enabler Virtual Appliance +1 more

Timeline

PublishedFeb 13

Description

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5dell/unisphere_for_powermax< 10.0.0.5

▶NVDdell/evasa_provider_virtual_appliance< 9.2.4.15

▶NVDdell/solutions_enabler_virtual_appliance< 9.2.3.6+1

▶NVDdell/unisphere< 9.2.3.22+1

Patches

Patch: www.dell.com ↗Patch: www.dell.com ↗

🔴Vulnerability Details

GHSA

GHSA-qcx4-x6q7-8hc3: Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10↗2023-02-13

▶

CVEList

CVE-2022-34397: Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10↗2023-02-13

▶