Dell Powermax Os

Dell vApp Manager before 9.2.4.x Info Disclosure Vulnerability
CVE-2023-48671 7.5 - High - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks.

Dell vApp Manager 9.x - command injection before 9.2.4.x
CVE-2023-48662 7.2 - High - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Shell injection

Dell vApp Manager <9.2.4: Remote Arbitrary File Read
CVE-2023-48661 4.9 - Medium - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.

Files or Directories Accessible to External Parties

Dell vApp Manager <=9.2.4.x Arbitrary File Read via Remote Access
CVE-2023-48660 7.5 - High - December 14, 2023

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Directory traversal

Dell vApp Manager <=9.2.4.x: Command Injection (CVE-2023-48663)
CVE-2023-48663 7.2 - High - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Shell injection

Dell vApp Manager <9.2.4.x Command Injection (CVE-2023-48665)
CVE-2023-48665 7.2 - High - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Shell injection

Dell vApp Manager <9.2.4: Remote Cmd Injection (CVE-2023-48664)
CVE-2023-48664 7.2 - High - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Shell injection

Dell EMC Unisphere PowerMax <9.1.0.27 Improper Cert Validation (MIM)
CVE-2021-21548 7.4 - High - March 17, 2023

Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victims data in transit.

Improper Certificate Validation

Dell Unisphere PowerMax vApp 9.2.3.x Remote File Read Disclosure
CVE-2022-45103 6.5 - Medium - January 18, 2023

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.

Information Disclosure

Privilege Escalation in Dell EMC Unisphere for PowerMax <9.2.3.15
CVE-2022-31233 8 - High - August 31, 2022

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

Incorrect Resource Transfer Between Spheres

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts
CVE-2021-36339 7.8 - High - January 21, 2022

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability
CVE-2021-36338 8 - High - January 21, 2022

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.

Reliance on Cookies without Validation and Integrity Checking

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability
CVE-2021-21531 7.8 - High - April 30, 2021

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Incorrect Resource Transfer Between Spheres

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17
CVE-2020-5367 8.1 - High - June 23, 2020

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit.

Improper Certificate Validation