Search

Find a vulnerability

Search criteria

    36 vulnerabilities found for Unisphere for PowerMax by Dell

    CVE-2022-34363 (GCVE-0-2022-34363)

    Vulnerability from nvd – Published: 2026-05-22 14:44 – Updated: 2026-05-22 18:31
    VLAI
    Summary
    Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the  Unisphere for VMAX application running in vApp
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: 0 , < 10.0.0.5 EEM: 10.0.0.968 (semver)
    Affected: 0 , < 9.2.3.22 EEM: 9.2.4.26 (semver)
    Create a notification for this product.
    Dell Unisphere for PowerMax Virtual Appliance Affected: 0 , < 9.2.3.22 EEM: 9.2.4.26 (semver)
    Create a notification for this product.
    Dell Unisphere 360 Affected: 0 , < 9.2.3.12 (semver)
    Create a notification for this product.
    Date Public
    2023-01-04 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-34363",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T18:31:14.919325Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-22T18:31:21.633Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.0.0.5 EEM: 10.0.0.968",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "9.2.3.22 EEM: 9.2.4.26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax Virtual Appliance",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.3.22 EEM: 9.2.4.26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere 360",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.3.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-01-04T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the\u0026nbsp; Unisphere for VMAX application running in\u0026nbsp;vApp"
                }
              ],
              "value": "Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the\u00a0 Unisphere for VMAX application running in\u00a0vApp"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T14:44:07.607Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://dellservices.lightning.force.com/lightning/r/Lightning_Knowledge__kav/ka06P000000xAiKQAU/view"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2022-34363",
        "datePublished": "2026-05-22T14:44:07.607Z",
        "dateReserved": "2022-06-23T18:55:17.081Z",
        "dateUpdated": "2026-05-22T18:31:21.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26362 (GCVE-0-2026-26362)

    Vulnerability from nvd – Published: 2026-02-19 08:25 – Updated: 2026-02-19 21:29
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Dell PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Date Public
    2026-02-18 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26362",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T21:29:46.986118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-19T21:29:58.454Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-18T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T08:25:14.267Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2026-26362",
        "datePublished": "2026-02-19T08:25:14.267Z",
        "dateReserved": "2026-02-13T18:05:27.826Z",
        "dateUpdated": "2026-02-19T21:29:58.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26361 (GCVE-0-2026-26361)

    Vulnerability from nvd – Published: 2026-02-19 08:14 – Updated: 2026-02-19 21:30
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Dell PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Date Public
    2026-02-18 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26361",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T21:30:18.873738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-19T21:30:41.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-18T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T08:14:59.358Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2026-26361",
        "datePublished": "2026-02-19T08:14:59.358Z",
        "dateReserved": "2026-02-13T18:05:27.826Z",
        "dateUpdated": "2026-02-19T21:30:41.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26360 (GCVE-0-2026-26360)

    Vulnerability from nvd – Published: 2026-02-19 08:41 – Updated: 2026-02-23 18:35
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Dell PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Date Public
    2026-02-18 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:34:48.510238Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:35:11.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-18T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T08:41:00.849Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2026-26360",
        "datePublished": "2026-02-19T08:41:00.849Z",
        "dateReserved": "2026-02-13T18:05:27.826Z",
        "dateUpdated": "2026-02-23T18:35:11.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26359 (GCVE-0-2026-26359)

    Vulnerability from nvd – Published: 2026-02-19 08:34 – Updated: 2026-02-26 14:44
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Dell PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Date Public
    2026-02-18 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26359",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T04:55:48.613396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:14.935Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-18T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T08:34:01.506Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2026-26359",
        "datePublished": "2026-02-19T08:34:01.506Z",
        "dateReserved": "2026-02-13T18:05:27.826Z",
        "dateUpdated": "2026-02-26T14:44:14.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26358 (GCVE-0-2026-26358)

    Vulnerability from nvd – Published: 2026-02-19 08:47 – Updated: 2026-02-26 14:44
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Dell PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Date Public
    2026-02-18 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T04:55:46.563051Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:14.789Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-18T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T08:47:24.102Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2026-26358",
        "datePublished": "2026-02-19T08:47:24.102Z",
        "dateReserved": "2026-02-13T18:05:27.825Z",
        "dateUpdated": "2026-02-26T14:44:14.789Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36588 (GCVE-0-2025-36588)

    Vulnerability from nvd – Published: 2026-01-22 15:52 – Updated: 2026-02-26 14:44
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Date Public
    2026-01-14 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-23T04:55:27.238974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:32.520Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.4.19",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax Virtual Appliance",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.4.19",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-01-14T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-26T12:32:29.443Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2025-36588",
        "datePublished": "2026-01-22T15:52:01.141Z",
        "dateReserved": "2025-04-15T21:31:17.347Z",
        "dateUpdated": "2026-02-26T14:44:32.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36589 (GCVE-0-2025-36589)

    Vulnerability from nvd – Published: 2026-01-06 16:20 – Updated: 2026-01-06 16:55
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 9.2.4.19 (semver)
    Create a notification for this product.
    Date Public
    2025-12-19 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36589",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T16:54:46.931803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T16:55:17.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.4.19",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-12-19T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control."
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T16:20:24.899Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2025-36589",
        "datePublished": "2026-01-06T16:20:24.899Z",
        "dateReserved": "2025-04-15T21:31:17.347Z",
        "dateUpdated": "2026-01-06T16:55:17.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27686 (GCVE-0-2025-27686)

    Vulnerability from nvd – Published: 2025-04-07 13:23 – Updated: 2025-04-07 13:58
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 9.2.4.15 (semver)
    Affected: N/A , < 10.2.0.9 (semver)
    Create a notification for this product.
    Date Public
    2025-03-31 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27686",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T13:57:50.416072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T13:58:27.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.4.15",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.2.0.9",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-03-31T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-90",
                  "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-07T13:23:08.166Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-ao/000302223/dsa-2025-111-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-and-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2025-27686",
        "datePublished": "2025-04-07T13:23:08.166Z",
        "dateReserved": "2025-03-05T07:33:28.314Z",
        "dateUpdated": "2025-04-07T13:58:27.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34397 (GCVE-0-2022-34397)

    Vulnerability from nvd – Published: 2023-02-13 09:06 – Updated: 2025-03-21 14:49
    VLAI
    Summary
    Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: 0 , < 10.0.0.5 (custom)
    Create a notification for this product.
    Date Public
    2023-01-04 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:07:16.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-34397",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-21T14:49:21.304023Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-21T14:49:28.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.0.0.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-01-04T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-31T05:03:28.028Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2022-34397",
        "datePublished": "2023-02-13T09:06:03.573Z",
        "dateReserved": "2022-06-23T18:55:17.096Z",
        "dateUpdated": "2025-03-21T14:49:28.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31233 (GCVE-0-2022-31233)

    Vulnerability from nvd – Published: 2022-08-31 20:05 – Updated: 2024-09-16 16:37
    VLAI
    Summary
    Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: unspecified , < 9.2.3.15 (custom)
    Create a notification for this product.
    Date Public
    2022-06-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:11:39.847Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/000200975"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.3.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-06-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-31T20:05:14.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/000200975"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2022-06-27",
              "ID": "CVE-2022-31233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unisphere for PowerMax",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.3.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 6.3,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-602: Client-Side Enforcement of Server-Side Security"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/000200975",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/000200975"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2022-31233",
        "datePublished": "2022-08-31T20:05:14.863Z",
        "dateReserved": "2022-05-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:37:57.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36338 (GCVE-0-2021-36338)

    Vulnerability from nvd – Published: 2022-01-21 20:15 – Updated: 2024-09-16 22:01
    VLAI
    Summary
    Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: unspecified , < 9.2.2.2 (custom)
    Create a notification for this product.
    Date Public
    2021-12-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:54:51.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/000194640"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-31T20:05:13.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/000194640"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-12-19",
              "ID": "CVE-2021-36338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unisphere for PowerMax",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 6.3,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-602: Client-Side Enforcement of Server-Side Security"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/000194640",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/000194640"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-36338",
        "datePublished": "2022-01-21T20:15:17.003Z",
        "dateReserved": "2021-07-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:01:34.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21531 (GCVE-0-2021-21531)

    Vulnerability from nvd – Published: 2021-04-30 21:10 – Updated: 2024-09-17 03:48
    VLAI
    Summary
    Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: unspecified , < 9.2.1.6 (custom)
    Create a notification for this product.
    Date Public
    2021-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:22.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/000184565"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.1.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-30T21:10:18.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/000184565"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-03-24",
              "ID": "CVE-2021-21531",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unisphere for PowerMax",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.1.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.1,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-602: Client-Side Enforcement of Server-Side Security"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/000184565",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/000184565"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-21531",
        "datePublished": "2021-04-30T21:10:18.600Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:48:26.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34363 (GCVE-0-2022-34363)

    Vulnerability from cvelistv5 – Published: 2026-05-22 14:44 – Updated: 2026-05-22 18:31
    VLAI
    Summary
    Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the  Unisphere for VMAX application running in vApp
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: 0 , < 10.0.0.5 EEM: 10.0.0.968 (semver)
    Affected: 0 , < 9.2.3.22 EEM: 9.2.4.26 (semver)
    Create a notification for this product.
    Dell Unisphere for PowerMax Virtual Appliance Affected: 0 , < 9.2.3.22 EEM: 9.2.4.26 (semver)
    Create a notification for this product.
    Dell Unisphere 360 Affected: 0 , < 9.2.3.12 (semver)
    Create a notification for this product.
    Date Public
    2023-01-04 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-34363",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T18:31:14.919325Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-22T18:31:21.633Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.0.0.5 EEM: 10.0.0.968",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "9.2.3.22 EEM: 9.2.4.26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax Virtual Appliance",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.3.22 EEM: 9.2.4.26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere 360",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.3.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-01-04T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the\u0026nbsp; Unisphere for VMAX application running in\u0026nbsp;vApp"
                }
              ],
              "value": "Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the\u00a0 Unisphere for VMAX application running in\u00a0vApp"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T14:44:07.607Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://dellservices.lightning.force.com/lightning/r/Lightning_Knowledge__kav/ka06P000000xAiKQAU/view"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2022-34363",
        "datePublished": "2026-05-22T14:44:07.607Z",
        "dateReserved": "2022-06-23T18:55:17.081Z",
        "dateUpdated": "2026-05-22T18:31:21.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26358 (GCVE-0-2026-26358)

    Vulnerability from cvelistv5 – Published: 2026-02-19 08:47 – Updated: 2026-02-26 14:44
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Dell PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Date Public
    2026-02-18 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T04:55:46.563051Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:14.789Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-18T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T08:47:24.102Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2026-26358",
        "datePublished": "2026-02-19T08:47:24.102Z",
        "dateReserved": "2026-02-13T18:05:27.825Z",
        "dateUpdated": "2026-02-26T14:44:14.789Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26360 (GCVE-0-2026-26360)

    Vulnerability from cvelistv5 – Published: 2026-02-19 08:41 – Updated: 2026-02-23 18:35
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Dell PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Date Public
    2026-02-18 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:34:48.510238Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:35:11.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-18T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T08:41:00.849Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2026-26360",
        "datePublished": "2026-02-19T08:41:00.849Z",
        "dateReserved": "2026-02-13T18:05:27.826Z",
        "dateUpdated": "2026-02-23T18:35:11.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26359 (GCVE-0-2026-26359)

    Vulnerability from cvelistv5 – Published: 2026-02-19 08:34 – Updated: 2026-02-26 14:44
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Dell PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Date Public
    2026-02-18 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26359",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T04:55:48.613396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:14.935Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-18T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T08:34:01.506Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2026-26359",
        "datePublished": "2026-02-19T08:34:01.506Z",
        "dateReserved": "2026-02-13T18:05:27.826Z",
        "dateUpdated": "2026-02-26T14:44:14.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26362 (GCVE-0-2026-26362)

    Vulnerability from cvelistv5 – Published: 2026-02-19 08:25 – Updated: 2026-02-19 21:29
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Dell PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Date Public
    2026-02-18 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26362",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T21:29:46.986118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-19T21:29:58.454Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-18T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T08:25:14.267Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2026-26362",
        "datePublished": "2026-02-19T08:25:14.267Z",
        "dateReserved": "2026-02-13T18:05:27.826Z",
        "dateUpdated": "2026-02-19T21:29:58.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26361 (GCVE-0-2026-26361)

    Vulnerability from cvelistv5 – Published: 2026-02-19 08:14 – Updated: 2026-02-19 21:30
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Dell PowerMax Affected: N/A , < 10.3.0.1 or later (semver)
    Create a notification for this product.
    Date Public
    2026-02-18 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26361",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T21:30:18.873738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-19T21:30:41.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.3.0.1 or later",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-18T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T08:14:59.358Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2026-26361",
        "datePublished": "2026-02-19T08:14:59.358Z",
        "dateReserved": "2026-02-13T18:05:27.826Z",
        "dateUpdated": "2026-02-19T21:30:41.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36588 (GCVE-0-2025-36588)

    Vulnerability from cvelistv5 – Published: 2026-01-22 15:52 – Updated: 2026-02-26 14:44
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Date Public
    2026-01-14 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-23T04:55:27.238974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:32.520Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.4.19",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax Virtual Appliance",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.4.19",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-01-14T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-26T12:32:29.443Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2025-36588",
        "datePublished": "2026-01-22T15:52:01.141Z",
        "dateReserved": "2025-04-15T21:31:17.347Z",
        "dateUpdated": "2026-02-26T14:44:32.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36589 (GCVE-0-2025-36589)

    Vulnerability from cvelistv5 – Published: 2026-01-06 16:20 – Updated: 2026-01-06 16:55
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 9.2.4.19 (semver)
    Create a notification for this product.
    Date Public
    2025-12-19 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36589",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T16:54:46.931803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T16:55:17.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.4.19",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-12-19T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control."
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T16:20:24.899Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2025-36589",
        "datePublished": "2026-01-06T16:20:24.899Z",
        "dateReserved": "2025-04-15T21:31:17.347Z",
        "dateUpdated": "2026-01-06T16:55:17.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27686 (GCVE-0-2025-27686)

    Vulnerability from cvelistv5 – Published: 2025-04-07 13:23 – Updated: 2025-04-07 13:58
    VLAI
    Summary
    Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: N/A , < 9.2.4.15 (semver)
    Affected: N/A , < 10.2.0.9 (semver)
    Create a notification for this product.
    Date Public
    2025-03-31 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27686",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T13:57:50.416072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T13:58:27.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.4.15",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.2.0.9",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-03-31T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.\u003cbr\u003e"
                }
              ],
              "value": "Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-90",
                  "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-07T13:23:08.166Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-ao/000302223/dsa-2025-111-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-and-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2025-27686",
        "datePublished": "2025-04-07T13:23:08.166Z",
        "dateReserved": "2025-03-05T07:33:28.314Z",
        "dateUpdated": "2025-04-07T13:58:27.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34397 (GCVE-0-2022-34397)

    Vulnerability from cvelistv5 – Published: 2023-02-13 09:06 – Updated: 2025-03-21 14:49
    VLAI
    Summary
    Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: 0 , < 10.0.0.5 (custom)
    Create a notification for this product.
    Date Public
    2023-01-04 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:07:16.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-34397",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-21T14:49:21.304023Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-21T14:49:28.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "10.0.0.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-01-04T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-31T05:03:28.028Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2022-34397",
        "datePublished": "2023-02-13T09:06:03.573Z",
        "dateReserved": "2022-06-23T18:55:17.096Z",
        "dateUpdated": "2025-03-21T14:49:28.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31233 (GCVE-0-2022-31233)

    Vulnerability from cvelistv5 – Published: 2022-08-31 20:05 – Updated: 2024-09-16 16:37
    VLAI
    Summary
    Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: unspecified , < 9.2.3.15 (custom)
    Create a notification for this product.
    Date Public
    2022-06-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:11:39.847Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/000200975"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.3.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-06-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-31T20:05:14.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/000200975"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2022-06-27",
              "ID": "CVE-2022-31233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unisphere for PowerMax",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.3.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 6.3,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-602: Client-Side Enforcement of Server-Side Security"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/000200975",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/000200975"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2022-31233",
        "datePublished": "2022-08-31T20:05:14.863Z",
        "dateReserved": "2022-05-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:37:57.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36338 (GCVE-0-2021-36338)

    Vulnerability from cvelistv5 – Published: 2022-01-21 20:15 – Updated: 2024-09-16 22:01
    VLAI
    Summary
    Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: unspecified , < 9.2.2.2 (custom)
    Create a notification for this product.
    Date Public
    2021-12-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:54:51.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/000194640"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-31T20:05:13.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/000194640"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-12-19",
              "ID": "CVE-2021-36338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unisphere for PowerMax",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 6.3,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-602: Client-Side Enforcement of Server-Side Security"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/000194640",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/000194640"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-36338",
        "datePublished": "2022-01-21T20:15:17.003Z",
        "dateReserved": "2021-07-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:01:34.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21531 (GCVE-0-2021-21531)

    Vulnerability from cvelistv5 – Published: 2021-04-30 21:10 – Updated: 2024-09-17 03:48
    VLAI
    Summary
    Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Unisphere for PowerMax Affected: unspecified , < 9.2.1.6 (custom)
    Create a notification for this product.
    Date Public
    2021-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:22.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/000184565"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unisphere for PowerMax",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "9.2.1.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602: Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-30T21:10:18.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/000184565"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-03-24",
              "ID": "CVE-2021-21531",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unisphere for PowerMax",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.1.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.1,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-602: Client-Side Enforcement of Server-Side Security"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/000184565",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/000184565"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-21531",
        "datePublished": "2021-04-30T21:10:18.600Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:48:26.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202104-0672

    Vulnerability from variot - Updated: 2024-08-14 15:27

    Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions. Dell Unisphere for PowerMax Exists in a vulnerability related to incorrect resource movement between regions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). A security vulnerability exists in PowerMax that could allow an attacker to bypass restrictions through Dell Unisphere's PowerMax monitoring role to escalate privileges

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0672",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "solutions enabler",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.1.6"
          },
          {
            "model": "unisphere for powermax virtual appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.1.0"
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.1.1"
          },
          {
            "model": "solutions enabler",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0"
          },
          {
            "model": "powermax os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dell",
            "version": "5978"
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0"
          },
          {
            "model": "unisphere for powermax virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.1.6"
          },
          {
            "model": "unisphere for powermax virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.26"
          },
          {
            "model": "unisphere for powermax",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.1.0"
          },
          {
            "model": "unisphere for powermax",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.26"
          },
          {
            "model": "solutions enabler",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.15"
          },
          {
            "model": "unisphere for powermax",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.1.6"
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.15"
          },
          {
            "model": "dell unisphere for powermax",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell unisphere for powermax virtual appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell solutions enabler",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell solutions enabler virtual appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell powermax os",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006445"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21531"
          }
        ]
      },
      "cve": "CVE-2021-21531",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-21531",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-379935",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-21531",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "security_alert@emc.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21531",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21531",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21531",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2021-21531",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21531",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-1551",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-379935",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21531",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-379935"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006445"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1551"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21531"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21531"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions. Dell Unisphere for PowerMax Exists in a vulnerability related to incorrect resource movement between regions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). A security vulnerability exists in PowerMax that could allow an attacker to bypass restrictions through Dell Unisphere\u0027s PowerMax monitoring role to escalate privileges",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006445"
          },
          {
            "db": "VULHUB",
            "id": "VHN-379935"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21531"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21531",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006445",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1551",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-379935",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21531",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-379935"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006445"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1551"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21531"
          }
        ]
      },
      "id": "VAR-202104-0672",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-379935"
          }
        ],
        "trust": 0.58051947
      },
      "last_update_date": "2024-08-14T15:27:47.088000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-2021-063",
            "trust": 0.8,
            "url": "https://www.dell.com/support/kbdoc/000184565"
          },
          {
            "title": "PowerMax Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145434"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006445"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1551"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-669",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-602",
            "trust": 1.0
          },
          {
            "problemtype": "Incorrect resource movement between regions (CWE-669) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-379935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006445"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21531"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://www.dell.com/support/kbdoc/000184565"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21531"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/dell-unisphere-for-powermax-privilege-escalation-via-monitor-role-34946"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/669.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-379935"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006445"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1551"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21531"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-379935"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006445"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1551"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21531"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-379935"
          },
          {
            "date": "2021-04-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21531"
          },
          {
            "date": "2022-01-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-006445"
          },
          {
            "date": "2021-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-1551"
          },
          {
            "date": "2021-04-30T21:15:08.673000",
            "db": "NVD",
            "id": "CVE-2021-21531"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-05-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-379935"
          },
          {
            "date": "2021-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21531"
          },
          {
            "date": "2022-01-06T08:32:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-006445"
          },
          {
            "date": "2021-05-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-1551"
          },
          {
            "date": "2021-05-10T14:07:37.923000",
            "db": "NVD",
            "id": "CVE-2021-21531"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1551"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell\u00a0Unisphere\u00a0for\u00a0PowerMax\u00a0 Vulnerability regarding incorrect resource movement between regions in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006445"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-1551"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-2521

    Vulnerability from variot - Updated: 2024-08-14 14:50

    Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338. plural Dell EMC Products have not undergone verification and integrity checks Cookie There is a vulnerability related to dependency on.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). Dell EMC Unisphere for PowerMax has a security vulnerability that could be exploited by an attacker to elevate privileges

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2521",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "unisphere for powermax",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.4"
          },
          {
            "model": "unisphere for powermax virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.4"
          },
          {
            "model": "powermax os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dell",
            "version": "5978"
          },
          {
            "model": "unisphere 360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.29"
          },
          {
            "model": "solutions enabler",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.0"
          },
          {
            "model": "unisphere 360",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "vasa",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.723"
          },
          {
            "model": "vasa",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.0"
          },
          {
            "model": "unisphere 360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.3"
          },
          {
            "model": "solutions enabler",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.0"
          },
          {
            "model": "vasa",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "unisphere for powermax virtual appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "unisphere for powermax virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.31"
          },
          {
            "model": "unisphere for powermax",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.31"
          },
          {
            "model": "solutions enabler",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.18"
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.18"
          },
          {
            "model": "unisphere for powermax",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "dell unisphere for powermax virtual appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell solutions enabler",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell unisphere for powermax",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell powermax os",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "unisphere 360",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "vasa",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018029"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36338"
          }
        ]
      },
      "cve": "CVE-2021-36338",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CVE-2021-36338",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "VHN-398222",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2021-36338",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "security_alert@emc.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.1,
                "id": "CVE-2021-36338",
                "impactScore": 4.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-36338",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-36338",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2021-36338",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-36338",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202112-2209",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-398222",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-398222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2209"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36338"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36338"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338. plural Dell EMC Products have not undergone verification and integrity checks Cookie There is a vulnerability related to dependency on.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). Dell EMC Unisphere for PowerMax has a security vulnerability that could be exploited by an attacker to elevate privileges",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-36338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018029"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398222"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-36338",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018029",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2209",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-06904",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-398222",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-398222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2209"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36338"
          }
        ]
      },
      "id": "VAR-202112-2521",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-398222"
          }
        ],
        "trust": 0.628721285
      },
      "last_update_date": "2024-08-14T14:50:01.417000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-2021-226",
            "trust": 0.8,
            "url": "https://www.dell.com/support/kbdoc/ja-jp/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embed"
          },
          {
            "title": "Dell EMC Unisphere for PowerMax Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=175675"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2209"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-565",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-602",
            "trust": 1.0
          },
          {
            "problemtype": "No validation and integrity checks  Cookie Dependence on (CWE-565) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-669",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-398222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018029"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36338"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.dell.com/support/kbdoc/000194640"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36338"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/dell-emc-unisphere-for-powermax-privilege-escalation-37122"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-398222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2209"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36338"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-398222"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2209"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36338"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-01-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-398222"
          },
          {
            "date": "2023-03-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018029"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-2209"
          },
          {
            "date": "2022-01-21T21:15:08.487000",
            "db": "NVD",
            "id": "CVE-2021-36338"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-398222"
          },
          {
            "date": "2023-03-20T03:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018029"
          },
          {
            "date": "2022-12-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-2209"
          },
          {
            "date": "2022-12-09T16:26:50.893000",
            "db": "NVD",
            "id": "CVE-2021-36338"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2209"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Dell\u00a0EMC\u00a0 Lack of verification and integrity checks on products \u00a0Cookie\u00a0 Dependency vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018029"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2209"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-2277

    Vulnerability from variot - Updated: 2024-08-14 14:02

    Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. eVASA Provider Virtual Appliance , Dell Solutions Enabler , Solutions Enabler Virtual Appliance Multiple Dell products are vulnerable to incorrect movement of resources between regions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell. Dell EMC Unisphere for PowerMax has a security vulnerability. An attacker exploited this vulnerability to bypass the restrictions of Dell EMC Unisphere for PowerMax to elevate his privileges

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2277",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "solutions enabler",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.4"
          },
          {
            "model": "powermax os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dell",
            "version": "5978"
          },
          {
            "model": "vasa",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.15"
          },
          {
            "model": "unisphere for powermax virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.15"
          },
          {
            "model": "evasa provider virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.7"
          },
          {
            "model": "unisphere 360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.6"
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.4"
          },
          {
            "model": "unisphere for powermax",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.15"
          },
          {
            "model": "dell unisphere for powermax",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell unisphere for powermax virtual appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell solutions enabler",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "vasa",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell powermax os",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "unisphere 360",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "evasa provider virtual appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-016149"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31233"
          }
        ]
      },
      "cve": "CVE-2022-31233",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2022-31233",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "security_alert@emc.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.1,
                "id": "CVE-2022-31233",
                "impactScore": 4.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-31233",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-31233",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2022-31233",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-31233",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-2818",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-016149"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2818"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31233"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31233"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. eVASA Provider Virtual Appliance , Dell Solutions Enabler , Solutions Enabler Virtual Appliance Multiple Dell products are vulnerable to incorrect movement of resources between regions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell. Dell EMC Unisphere for PowerMax has a security vulnerability. An attacker exploited this vulnerability to bypass the restrictions of Dell EMC Unisphere for PowerMax to elevate his privileges",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-31233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-016149"
          },
          {
            "db": "VULHUB",
            "id": "VHN-422929"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-31233"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-31233",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-016149",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2818",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-422929",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-31233",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-422929"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-31233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-016149"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2818"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31233"
          }
        ]
      },
      "id": "VAR-202206-2277",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-422929"
          }
        ],
        "trust": 0.628721285
      },
      "last_update_date": "2024-08-14T14:02:31.725000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-669",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-602",
            "trust": 1.0
          },
          {
            "problemtype": "Incorrect resource movement between regions (CWE-669) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-422929"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-016149"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31233"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.dell.com/support/kbdoc/000200975"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31233"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/dell-unisphere-for-powermax-privilege-escalation-38686"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-31233/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-422929"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-31233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-016149"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2818"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31233"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-422929"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-31233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-016149"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2818"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-31233"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-422929"
          },
          {
            "date": "2022-08-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-31233"
          },
          {
            "date": "2023-10-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-016149"
          },
          {
            "date": "2022-06-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2818"
          },
          {
            "date": "2022-08-31T20:15:08.627000",
            "db": "NVD",
            "id": "CVE-2022-31233"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-09-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-422929"
          },
          {
            "date": "2022-08-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-31233"
          },
          {
            "date": "2023-10-02T08:11:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-016149"
          },
          {
            "date": "2022-09-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2818"
          },
          {
            "date": "2022-09-07T16:47:34.793000",
            "db": "NVD",
            "id": "CVE-2022-31233"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2818"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerability in incorrect movement of resources between regions in multiple Dell products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-016149"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2818"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-2522

    Vulnerability from variot - Updated: 2024-08-14 13:43

    The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. plural Dell EMC There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). There is a security vulnerability in Dell EMC Unisphere for PowerMax, which stems from the software's lack of effective restriction and filtering of user rights

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2522",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "unisphere for powermax",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.4"
          },
          {
            "model": "unisphere for powermax virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.4"
          },
          {
            "model": "powermax os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dell",
            "version": "5978"
          },
          {
            "model": "unisphere 360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.29"
          },
          {
            "model": "solutions enabler",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.0"
          },
          {
            "model": "unisphere 360",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "vasa",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.723"
          },
          {
            "model": "vasa",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.0"
          },
          {
            "model": "unisphere 360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.3"
          },
          {
            "model": "solutions enabler",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.3.0"
          },
          {
            "model": "vasa",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "unisphere for powermax virtual appliance",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "unisphere for powermax virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.31"
          },
          {
            "model": "unisphere for powermax",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.31"
          },
          {
            "model": "solutions enabler",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.18"
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.1.0.18"
          },
          {
            "model": "unisphere for powermax",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "9.2.0.0"
          },
          {
            "model": "dell unisphere for powermax virtual appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell solutions enabler",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell unisphere for powermax",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "dell powermax os",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "solutions enabler virtual appliance",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "unisphere 360",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "vasa",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018028"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36339"
          }
        ]
      },
      "cve": "CVE-2021-36339",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-36339",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-398223",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-36339",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-018028",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-36339",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2021-36339",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-36339",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202112-2204",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-398223",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-36339",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-398223"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018028"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2204"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36339"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36339"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. plural Dell EMC There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). There is a security vulnerability in Dell EMC Unisphere for PowerMax, which stems from the software\u0027s lack of effective restriction and filtering of user rights",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-36339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018028"
          },
          {
            "db": "VULHUB",
            "id": "VHN-398223"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36339"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-36339",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018028",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2204",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-06903",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-398223",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36339",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-398223"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018028"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2204"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36339"
          }
        ]
      },
      "id": "VAR-202112-2522",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-398223"
          }
        ],
        "trust": 0.628721285
      },
      "last_update_date": "2024-08-14T13:43:05.760000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-2021-226",
            "trust": 0.8,
            "url": "https://www.dell.com/support/kbdoc/ja-jp/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embed"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2021-36339 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-36339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018028"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-250",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "others (CWE-Other) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018028"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36339"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://www.dell.com/support/kbdoc/000194640"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36339"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/dell-emc-virtual-appliances-user-access-via-undocumented-user-accounts-37123"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2021-36339"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-398223"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018028"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2204"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36339"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-398223"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018028"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2204"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36339"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-01-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-398223"
          },
          {
            "date": "2022-01-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-36339"
          },
          {
            "date": "2023-03-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018028"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-2204"
          },
          {
            "date": "2022-01-21T21:15:08.563000",
            "db": "NVD",
            "id": "CVE-2021-36339"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-398223"
          },
          {
            "date": "2022-10-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-36339"
          },
          {
            "date": "2023-03-20T03:46:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-018028"
          },
          {
            "date": "2022-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-2204"
          },
          {
            "date": "2022-10-27T11:44:58.323000",
            "db": "NVD",
            "id": "CVE-2021-36339"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2204"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Dell\u00a0EMC\u00a0 Product vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-018028"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-2204"
          }
        ],
        "trust": 0.6
      }
    }