Dell Unisphere For Powermax vulnerabilities

CVE-2026-26358 [HIGH] CWE-862 CVE-2026-26358: Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A lo Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVE-2026-26360 [HIGH] CWE-73 CVE-2026-26360: Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vu Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.

CVE-2026-26362 [HIGH] CWE-23 CVE-2026-26362: Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.

CVE-2026-26359 [HIGH] CWE-73 CVE-2026-26359: Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vu Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.

CVE-2026-26361 [MEDIUM] CWE-73 CVE-2026-26361: Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vu Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVE-2025-36588 [HIGH] CWE-89 CVE-2025-36588: Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special E Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CVE-2025-36589 [HIGH] CWE-611 CVE-2025-36589: Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.

CVE-2025-27686 [MEDIUM] CWE-90 CVE-2025-27686: Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CVE-2022-34397 [MEDIUM] CWE-863 CVE-2022-34397: Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 an Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.

CVE-2022-31233 [HIGH] CWE-602 CVE-2022-31233: Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adj Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

CVE-2021-36338 [HIGH] CWE-602 CVE-2021-36338: Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An a Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.

CVE-2021-36339 [HIGH] CWE-250 CVE-2021-36339: The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.

CVE-2021-21531 [HIGH] CWE-602 CVE-2021-21531: Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

CVE-2020-35170 [MEDIUM] CWE-79 CVE-2020-35170: Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authentic

CVE-2020-5345 [MEDIUM] CWE-602 CVE-2020-5345: Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

CVE-2019-18588 [MEDIUM] CWE-79 CVE-2019-18588: Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authentic