Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for dell_powerscale by tomtretbar

    CVE-2025-58127 (GCVE-0-2025-58127)

    Vulnerability from nvd – Published: 2025-08-28 12:59 – Updated: 2025-08-28 13:12
    VLAI
    Title
    Lack of TLS validation in plugin Dell Powerscale on Checkmk Exchange
    Summary
    Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Credits
    Felix Eberstaller (Limes Security) Jakob Hartmann (Limes Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58127",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-28T13:12:23.271691Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-28T13:12:57.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://exchange.checkmk.com/packages",
              "defaultStatus": "affected",
              "packageName": "Dell Powerscale"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Felix Eberstaller (Limes Security)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Jakob Hartmann (Limes Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-384",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-384: Application API Message Manipulation via Man-in-the-Middle"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T12:59:36.596Z",
            "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
            "shortName": "Checkmk"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://exchange.checkmk.com/p/powerscale"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Lack of TLS validation in plugin Dell Powerscale on Checkmk Exchange"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
        "assignerShortName": "Checkmk",
        "cveId": "CVE-2025-58127",
        "datePublished": "2025-08-28T12:59:36.596Z",
        "dateReserved": "2025-08-25T11:50:49.623Z",
        "dateUpdated": "2025-08-28T13:12:57.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-58127 (GCVE-0-2025-58127)

    Vulnerability from cvelistv5 – Published: 2025-08-28 12:59 – Updated: 2025-08-28 13:12
    VLAI
    Title
    Lack of TLS validation in plugin Dell Powerscale on Checkmk Exchange
    Summary
    Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Credits
    Felix Eberstaller (Limes Security) Jakob Hartmann (Limes Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58127",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-28T13:12:23.271691Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-28T13:12:57.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://exchange.checkmk.com/packages",
              "defaultStatus": "affected",
              "packageName": "Dell Powerscale"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Felix Eberstaller (Limes Security)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Jakob Hartmann (Limes Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-384",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-384: Application API Message Manipulation via Man-in-the-Middle"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T12:59:36.596Z",
            "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
            "shortName": "Checkmk"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://exchange.checkmk.com/p/powerscale"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Lack of TLS validation in plugin Dell Powerscale on Checkmk Exchange"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
        "assignerShortName": "Checkmk",
        "cveId": "CVE-2025-58127",
        "datePublished": "2025-08-28T12:59:36.596Z",
        "dateReserved": "2025-08-25T11:50:49.623Z",
        "dateUpdated": "2025-08-28T13:12:57.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }