Dell Unisphere Powermax Virtual Appliance
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Dell Unisphere Powermax Virtual Appliance.
By the Year
In 2026 there have been 2 vulnerabilities in Dell Unisphere Powermax Virtual Appliance with an average score of 7.1 out of ten. Unisphere Powermax Virtual Appliance did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 7.10 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 8.80 |
| 2023 | 9 | 7.02 |
| 2022 | 3 | 7.93 |
| 2021 | 1 | 7.80 |
It may take a day or so for new Unisphere Powermax Virtual Appliance vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Dell Unisphere Powermax Virtual Appliance Security Vulnerabilities
Dell Unisphere PowerMax 9.2.4.X XSS Vulnerability (CVE-2026-26357)
CVE-2026-26357
5.4 - Medium
- February 17, 2026
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
XSS
Dell Unisphere for PowerMax 10.2.0.x SQLi Enables Remote Exec
CVE-2025-36588
8.8 - High
- January 22, 2026
Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
SQL Injection
Dell vApp Manager <9.2.4.9: Cmd Injection Vulnerability
CVE-2024-25946
8.8 - High
- March 28, 2024
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
Command Injection
Dell vApp Manager CMD Injection (pre 9.2.4.9)
CVE-2024-25955
8.8 - High
- March 28, 2024
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
Command Injection
Dell vApp Manager before 9.2.4.x Info Disclosure Vulnerability
CVE-2023-48671
7.5 - High
- December 14, 2023
Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks.
Dell vApp Manager <=9.2.4.x Arbitrary File Read via Remote Access
CVE-2023-48660
7.5 - High
- December 14, 2023
Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.
Directory traversal
Dell vApp Manager <9.2.4: Remote Cmd Injection (CVE-2023-48664)
CVE-2023-48664
7.2 - High
- December 14, 2023
Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.
Shell injection
Dell vApp Manager <9.2.4.x Command Injection (CVE-2023-48665)
CVE-2023-48665
7.2 - High
- December 14, 2023
Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.
Shell injection
Dell vApp Manager <=9.2.4.x: Command Injection (CVE-2023-48663)
CVE-2023-48663
7.2 - High
- December 14, 2023
Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.
Shell injection
Dell vApp Manager <9.2.4: Remote Arbitrary File Read
CVE-2023-48661
4.9 - Medium
- December 14, 2023
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.
Files or Directories Accessible to External Parties
Dell vApp Manager 9.x - command injection before 9.2.4.x
CVE-2023-48662
7.2 - High
- December 14, 2023
Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.
Shell injection
Auth Bypass in Dell Unisphere PowerMax vApp 10.0.0.5
CVE-2022-34397
5.7 - Medium
- February 13, 2023
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.
Command Execution in Dell Unisphere for PowerMax vApp 9.2.3.x
CVE-2022-45104
8.8 - High
- February 11, 2023
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system.
Shell injection
Privilege Escalation in Dell EMC Unisphere for PowerMax <9.2.3.15
CVE-2022-31233
8 - High
- August 31, 2022
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
Incorrect Resource Transfer Between Spheres
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability
CVE-2021-36338
8 - High
- January 21, 2022
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.
Reliance on Cookies without Validation and Integrity Checking
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts
CVE-2021-36339
7.8 - High
- January 21, 2022
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability
CVE-2021-21531
7.8 - High
- April 30, 2021
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.
Incorrect Resource Transfer Between Spheres
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Dell Unisphere Powermax Virtual Appliance or by Dell? Click the Watch button to subscribe.
