Dell Unisphere for PowerMax Virtual Appliance vulnerabilities

18 known vulnerabilities affecting dell/unisphere_for_powermax_virtual_appliance.

Total CVEs: 18
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 16, MEDIUM 2

Vulnerabilities

CVE-2025-36588 | HIGH | CVSS 8.8 | fixed in 9.2.4.19 | ≥ N/A, < 9.2.4.19 | 2026-01-22
CWE-89: Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Sources: cvelistv5, nvd
CVE-2025-36589 | HIGH | CVSS 7.1 | ≥ 9.2.4.17, < 9.2.4.19 | 2026-01-06
CWE-611: Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.
Source: nvd
CVE-2025-36595 | HIGH | CVSS 7.2 | ≥ 9.2.4.0, < 9.2.4.17 | 2025-06-27
CWE-96: Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
Source: nvd
CVE-2024-25946 | HIGH | CVSS 8.8 | fixed in 9.2.4.9 | 2024-03-28
CWE-78: Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
Source: nvd
CVE-2024-25955 | HIGH | CVSS 8.8 | fixed in 9.2.4.9 | 2024-03-28
CWE-78: Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
Source: nvd
CVE-2023-48664 | HIGH | CVSS 7.2 | fixed in 9.2.4.7 | 2023-12-14
CWE-78: Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.
Source: nvd
CVE-2023-48671 | HIGH | CVSS 7.5 | fixed in 9.2.4.7 | 2023-12-14
CWE-200: Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks.
Source: nvd
CVE-2023-48665 | HIGH | CVSS 7.2 | fixed in 9.2.4.7 | 2023-12-14
CWE-78: Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.
Source: nvd
CVE-2023-48662 | HIGH | CVSS 7.2 | fixed in 9.2.4.7 | 2023-12-14
CWE-78: Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.
Source: nvd
CVE-2023-48660 | HIGH | CVSS 7.5 | fixed in 9.2.4.7 | 2023-12-14
CWE-22: Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.
Source: nvd
CVE-2023-48663 | HIGH | CVSS 7.2 | fixed in 9.2.4.7 | 2023-12-14
CWE-78: Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.
Source: nvd
CVE-2023-48661 | MEDIUM | CVSS 4.9 | fixed in 9.2.4.7 | 2023-12-14
CWE-552: Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.
Source: nvd
CVE-2022-34397 | MEDIUM | CVSS 5.7 | fixed in 9.2.3.22 | fixed in 9.2.4.26 | 2023-02-13
CWE-863: Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.
Source: nvd
CVE-2022-45104 | HIGH | CVSS 8.8 | fixed in 9.2.4.26 | 2023-02-11
CWE-77: Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system.
Source: nvd
CVE-2022-31233 | HIGH | CVSS 8.0 | fixed in 9.2.3.15 | 2022-08-31
CWE-602: Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
Source: nvd
CVE-2021-36338 | HIGH | CVSS 8.0 | fixed in 9.1.0.31 | ≥ 9.2.0.0, < 9.2.3.4 | 2022-01-21
CWE-602: Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.
Source: nvd
CVE-2021-36339 | HIGH | CVSS 7.8 | fixed in 9.1.0.31 | ≥ 9.2.0.0, < 9.2.3.4 | 2022-01-21
CWE-250: The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.
Source: nvd
CVE-2021-21531 | HIGH | CVSS 7.8 | fixed in 9.1.0.26 | ≥ 9.2.1.0, < 9.2.1.6 | 2021-04-30
CWE-602: Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.
Source: nvd