cbcvebase.

Dell Cloudlink vulnerabilities

21 known vulnerabilities affecting dell/cloudlink.

Total CVEs
21
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH8MEDIUM9

Vulnerabilities

Page 1 of 2
CVE-2022-34379P2CRITICALCVSS 9.8fixed in 7.1.3≥ unspecified, < 7.1.32022-09-01
CVE-2022-34379 [CRITICAL] CWE-287 CVE-2022-34379: Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A re Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.
nvd
CVE-2021-36314P3CRITICALCVSS 9.8≥ unspecified, < 7.1.12021-11-23
CVE-2021-36314 [CRITICAL] CVE-2021-36314: Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A re Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system.
nvd
CVE-2025-45378P3CRITICALCVSS 9.1≥ 8.0, ≤ 8.1.2≥ 8.0, < 8.22025-11-05
CVE-2025-45378 [CRITICAL] CWE-78 CVE-2025-45378: Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with k
nvd
CVE-2021-36335P3HIGHCVSS 8.8≥ unspecified, < 7.1.12021-11-23
CVE-2021-36335 [HIGH] CWE-20 CVE-2021-36335: Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server
nvd
CVE-2025-30479P3HIGHCVSS 7.2fixed in 8.2≥ N/A, < 8.22025-11-05
CVE-2025-30479 [HIGH] CWE-78 CVE-2025-30479: Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known pa Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system.
nvd
CVE-2021-36312P3CRITICALCVSS 9.1fixed in 7.1.1≥ unspecified, < 7.1.12021-11-23
CVE-2021-36312 [CRITICAL] CWE-259 CVE-2021-36312: Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system.
nvd
CVE-2021-36313P3HIGHCVSS 7.2fixed in 7.1.1≥ unspecified, < 7.1.12021-11-23
CVE-2021-36313 [HIGH] CWE-74 CVE-2021-36313: Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remot Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over b
nvd
CVE-2025-45379P3HIGHCVSS 8.4fixed in 8.2≥ N/A, < 8.22025-11-05
CVE-2025-45379 [HIGH] CWE-78 CVE-2025-45379: Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known pa Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system.
nvd
CVE-2025-46364P3HIGHCVSS 7.2fixed in 8.1.12025-11-05
CVE-2025-46364 [HIGH] CWE-269 CVE-2025-46364: Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system.
nvd
CVE-2023-28076P3HIGHCVSS 7.5fixed in 7.1.3v7.1.2 and all prior versions2023-05-16
CVE-2023-28076 [HIGH] CWE-327 CVE-2023-28076: CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerabil CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.
nvd
CVE-2024-38482P3HIGHCVSS 7.2≥ 7.1, < 8.1≥ N/A, < 8.12024-08-02
CVE-2024-38482 [HIGH] CWE-703 CVE-2024-38482: CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions V CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.
nvd
CVE-2022-34380P3HIGHCVSS 8.2fixed in 7.1.4≥ unspecified, < 7.1.42022-09-01
CVE-2022-34380 [HIGH] CWE-287 CVE-2022-34380: Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Pa Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take cont
nvd
CVE-2025-46365P3MEDIUMCVSS 6.7fixed in 8.1.1≥ N/A, < 8.1.12025-11-05
CVE-2025-46365 [MEDIUM] CWE-77 CVE-2025-46365: Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploit Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink.
nvd
CVE-2022-24414P3MEDIUMCVSS 6.5≤ 7.1.3≥ unspecified, < 7.1.32022-05-26
CVE-2022-24414 [MEDIUM] CWE-598 CVE-2022-24414: Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These requ Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.
nvd
CVE-2021-36334P4MEDIUMCVSS 6.8≥ unspecified, < 7.1.12021-11-23
CVE-2021-36334 [MEDIUM] CWE-1236 CVE-2021-36334: Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remot Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine
nvd
CVE-2025-46366P4MEDIUMCVSS 6.7fixed in 8.1.1≥ N/A, < 8.1.12025-11-05
CVE-2025-46366 [MEDIUM] CWE-256 CVE-2025-46366: Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information.
nvd
CVE-2021-36332P4MEDIUMCVSS 5.4≥ unspecified, < 7.1.12021-11-23
CVE-2021-36332 [MEDIUM] CWE-601 CVE-2021-36332: Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites.
nvd
CVE-2025-26484P4MEDIUMCVSS 4.9≥ 8.0, < 8.1.2≥ 8.0, ≤ 8.1.12025-08-14
CVE-2025-26484 [MEDIUM] CWE-611 CVE-2025-26484: Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
nvd
CVE-2024-37137P4MEDIUMCVSS 5.5fixed in 7.1.9≥ N/A, < 7.1.92024-06-28
CVE-2024-37137 [MEDIUM] CWE-1240 CVE-2024-37137: Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Im Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure.
nvd
CVE-2021-36333P4MEDIUMCVSS 5.5≥ unspecified, < 7.1.12021-11-23
CVE-2021-36333 [MEDIUM] CWE-120 CVE-2021-36333: Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low p Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash.
nvd
Dell Cloudlink vulnerabilities | cvebase