Dell Emc Unisphere For Powermax vulnerabilities

5 known vulnerabilities affecting dell/emc_unisphere_for_powermax.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2021-21548HIGHCVSS 7.4fixed in 9.1.0.272023-03-17
CVE-2021-21548 [HIGH] CWE-295 CVE-2021-21548: Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual A Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a
nvd
CVE-2022-45103MEDIUMCVSS 6.5fixed in 9.2.3.22≥ 10.0.0.0, < 10.0.0.52023-01-18
CVE-2022-45103 [MEDIUM] CWE-200 CVE-2022-45103: Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x con Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.
nvd
CVE-2020-5367HIGHCVSS 8.1fixed in 9.1.0.172020-06-23
CVE-2020-5367 [HIGH] CWE-295 CVE-2020-5367: Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying
nvd
CVE-2020-5345MEDIUMCVSS 5.4fixed in 9.1.0.172020-06-23
CVE-2020-5345 [MEDIUM] CWE-602 CVE-2020-5345: Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.
nvd
CVE-2019-18588MEDIUMCVSS 5.4fixed in 9.0.2.16≥ 9.1.0.0, < 9.1.0.92020-01-10
CVE-2019-18588 [MEDIUM] CWE-79 CVE-2019-18588: Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authentic
nvd