Search criteria
9 vulnerabilities found for vasa by dell
VAR-202112-2521
Vulnerability from variot - Updated: 2024-08-14 14:50Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338. plural Dell EMC Products have not undergone verification and integrity checks Cookie There is a vulnerability related to dependency on.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). Dell EMC Unisphere for PowerMax has a security vulnerability that could be exploited by an attacker to elevate privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2521",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unisphere for powermax",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.4"
},
{
"model": "unisphere for powermax virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.4"
},
{
"model": "powermax os",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "5978"
},
{
"model": "unisphere 360",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.29"
},
{
"model": "solutions enabler",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.0"
},
{
"model": "unisphere 360",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "vasa",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.723"
},
{
"model": "vasa",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.0"
},
{
"model": "unisphere 360",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.3"
},
{
"model": "solutions enabler",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "solutions enabler virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.0"
},
{
"model": "vasa",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "solutions enabler virtual appliance",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "unisphere for powermax virtual appliance",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "unisphere for powermax virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.31"
},
{
"model": "unisphere for powermax",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.31"
},
{
"model": "solutions enabler",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.18"
},
{
"model": "solutions enabler virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.18"
},
{
"model": "unisphere for powermax",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "dell unisphere for powermax virtual appliance",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell solutions enabler",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell unisphere for powermax",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell powermax os",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "solutions enabler virtual appliance",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "unisphere 360",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "vasa",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018029"
},
{
"db": "NVD",
"id": "CVE-2021-36338"
}
]
},
"cve": "CVE-2021-36338",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CVE-2021-36338",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-398222",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2021-36338",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2021-36338",
"impactScore": 4.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-36338",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-36338",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2021-36338",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-36338",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2209",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-398222",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018029"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2209"
},
{
"db": "NVD",
"id": "CVE-2021-36338"
},
{
"db": "NVD",
"id": "CVE-2021-36338"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338. plural Dell EMC Products have not undergone verification and integrity checks Cookie There is a vulnerability related to dependency on.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). Dell EMC Unisphere for PowerMax has a security vulnerability that could be exploited by an attacker to elevate privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-36338"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018029"
},
{
"db": "VULHUB",
"id": "VHN-398222"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-36338",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018029",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2209",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-06904",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-398222",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018029"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2209"
},
{
"db": "NVD",
"id": "CVE-2021-36338"
}
]
},
"id": "VAR-202112-2521",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-398222"
}
],
"trust": 0.628721285
},
"last_update_date": "2024-08-14T14:50:01.417000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2021-226",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/ja-jp/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embed"
},
{
"title": "Dell EMC Unisphere for PowerMax Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=175675"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018029"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2209"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-565",
"trust": 1.1
},
{
"problemtype": "CWE-602",
"trust": 1.0
},
{
"problemtype": "No validation and integrity checks Cookie Dependence on (CWE-565) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-669",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018029"
},
{
"db": "NVD",
"id": "CVE-2021-36338"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.dell.com/support/kbdoc/000194640"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36338"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/dell-emc-unisphere-for-powermax-privilege-escalation-37122"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018029"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2209"
},
{
"db": "NVD",
"id": "CVE-2021-36338"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-398222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018029"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2209"
},
{
"db": "NVD",
"id": "CVE-2021-36338"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-398222"
},
{
"date": "2023-03-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-018029"
},
{
"date": "2021-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2209"
},
{
"date": "2022-01-21T21:15:08.487000",
"db": "NVD",
"id": "CVE-2021-36338"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-398222"
},
{
"date": "2023-03-20T03:49:00",
"db": "JVNDB",
"id": "JVNDB-2021-018029"
},
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2209"
},
{
"date": "2022-12-09T16:26:50.893000",
"db": "NVD",
"id": "CVE-2021-36338"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2209"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dell\u00a0EMC\u00a0 Lack of verification and integrity checks on products \u00a0Cookie\u00a0 Dependency vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018029"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2209"
}
],
"trust": 0.6
}
}
VAR-202206-2277
Vulnerability from variot - Updated: 2024-08-14 14:02Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. eVASA Provider Virtual Appliance , Dell Solutions Enabler , Solutions Enabler Virtual Appliance Multiple Dell products are vulnerable to incorrect movement of resources between regions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell. Dell EMC Unisphere for PowerMax has a security vulnerability. An attacker exploited this vulnerability to bypass the restrictions of Dell EMC Unisphere for PowerMax to elevate his privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2277",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "solutions enabler",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.4"
},
{
"model": "powermax os",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "5978"
},
{
"model": "vasa",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.15"
},
{
"model": "unisphere for powermax virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.15"
},
{
"model": "evasa provider virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.7"
},
{
"model": "unisphere 360",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.6"
},
{
"model": "solutions enabler virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.4"
},
{
"model": "unisphere for powermax",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.15"
},
{
"model": "dell unisphere for powermax",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell unisphere for powermax virtual appliance",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell solutions enabler",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "solutions enabler virtual appliance",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "vasa",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell powermax os",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "unisphere 360",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "evasa provider virtual appliance",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016149"
},
{
"db": "NVD",
"id": "CVE-2022-31233"
}
]
},
"cve": "CVE-2022-31233",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2022-31233",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2022-31233",
"impactScore": 4.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-31233",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31233",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-31233",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-31233",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2818",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016149"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2818"
},
{
"db": "NVD",
"id": "CVE-2022-31233"
},
{
"db": "NVD",
"id": "CVE-2022-31233"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. eVASA Provider Virtual Appliance , Dell Solutions Enabler , Solutions Enabler Virtual Appliance Multiple Dell products are vulnerable to incorrect movement of resources between regions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell. Dell EMC Unisphere for PowerMax has a security vulnerability. An attacker exploited this vulnerability to bypass the restrictions of Dell EMC Unisphere for PowerMax to elevate his privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31233"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016149"
},
{
"db": "VULHUB",
"id": "VHN-422929"
},
{
"db": "VULMON",
"id": "CVE-2022-31233"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31233",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016149",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2818",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-422929",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31233",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422929"
},
{
"db": "VULMON",
"id": "CVE-2022-31233"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016149"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2818"
},
{
"db": "NVD",
"id": "CVE-2022-31233"
}
]
},
"id": "VAR-202206-2277",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422929"
}
],
"trust": 0.628721285
},
"last_update_date": "2024-08-14T14:02:31.725000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-669",
"trust": 1.1
},
{
"problemtype": "CWE-602",
"trust": 1.0
},
{
"problemtype": "Incorrect resource movement between regions (CWE-669) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422929"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016149"
},
{
"db": "NVD",
"id": "CVE-2022-31233"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.dell.com/support/kbdoc/000200975"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31233"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/dell-unisphere-for-powermax-privilege-escalation-38686"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31233/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422929"
},
{
"db": "VULMON",
"id": "CVE-2022-31233"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016149"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2818"
},
{
"db": "NVD",
"id": "CVE-2022-31233"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422929"
},
{
"db": "VULMON",
"id": "CVE-2022-31233"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016149"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2818"
},
{
"db": "NVD",
"id": "CVE-2022-31233"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-31T00:00:00",
"db": "VULHUB",
"id": "VHN-422929"
},
{
"date": "2022-08-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31233"
},
{
"date": "2023-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016149"
},
{
"date": "2022-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2818"
},
{
"date": "2022-08-31T20:15:08.627000",
"db": "NVD",
"id": "CVE-2022-31233"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-422929"
},
{
"date": "2022-08-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31233"
},
{
"date": "2023-10-02T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2022-016149"
},
{
"date": "2022-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2818"
},
{
"date": "2022-09-07T16:47:34.793000",
"db": "NVD",
"id": "CVE-2022-31233"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2818"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in incorrect movement of resources between regions in multiple Dell products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016149"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2818"
}
],
"trust": 0.6
}
}
VAR-202112-2522
Vulnerability from variot - Updated: 2024-08-14 13:43The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. plural Dell EMC There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). There is a security vulnerability in Dell EMC Unisphere for PowerMax, which stems from the software's lack of effective restriction and filtering of user rights
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2522",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unisphere for powermax",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.4"
},
{
"model": "unisphere for powermax virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.4"
},
{
"model": "powermax os",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "5978"
},
{
"model": "unisphere 360",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.29"
},
{
"model": "solutions enabler",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.0"
},
{
"model": "unisphere 360",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "vasa",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.723"
},
{
"model": "vasa",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.0"
},
{
"model": "unisphere 360",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.3"
},
{
"model": "solutions enabler",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "solutions enabler virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.3.0"
},
{
"model": "vasa",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "solutions enabler virtual appliance",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "unisphere for powermax virtual appliance",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "unisphere for powermax virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.31"
},
{
"model": "unisphere for powermax",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.31"
},
{
"model": "solutions enabler",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.18"
},
{
"model": "solutions enabler virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "9.1.0.18"
},
{
"model": "unisphere for powermax",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "9.2.0.0"
},
{
"model": "dell unisphere for powermax virtual appliance",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell solutions enabler",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell unisphere for powermax",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell powermax os",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "solutions enabler virtual appliance",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "unisphere 360",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "vasa",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018028"
},
{
"db": "NVD",
"id": "CVE-2021-36339"
}
]
},
"cve": "CVE-2021-36339",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-36339",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-398223",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-36339",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-018028",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-36339",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2021-36339",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-36339",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2204",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-398223",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-36339",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398223"
},
{
"db": "VULMON",
"id": "CVE-2021-36339"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018028"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2204"
},
{
"db": "NVD",
"id": "CVE-2021-36339"
},
{
"db": "NVD",
"id": "CVE-2021-36339"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. plural Dell EMC There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). There is a security vulnerability in Dell EMC Unisphere for PowerMax, which stems from the software\u0027s lack of effective restriction and filtering of user rights",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-36339"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018028"
},
{
"db": "VULHUB",
"id": "VHN-398223"
},
{
"db": "VULMON",
"id": "CVE-2021-36339"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-36339",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018028",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2204",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-06903",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-398223",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-36339",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398223"
},
{
"db": "VULMON",
"id": "CVE-2021-36339"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018028"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2204"
},
{
"db": "NVD",
"id": "CVE-2021-36339"
}
]
},
"id": "VAR-202112-2522",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-398223"
}
],
"trust": 0.628721285
},
"last_update_date": "2024-08-14T13:43:05.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2021-226",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/ja-jp/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embed"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-36339 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-36339"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018028"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-250",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018028"
},
{
"db": "NVD",
"id": "CVE-2021-36339"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/000194640"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36339"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/dell-emc-virtual-appliances-user-access-via-undocumented-user-accounts-37123"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-36339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398223"
},
{
"db": "VULMON",
"id": "CVE-2021-36339"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018028"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2204"
},
{
"db": "NVD",
"id": "CVE-2021-36339"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-398223"
},
{
"db": "VULMON",
"id": "CVE-2021-36339"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018028"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2204"
},
{
"db": "NVD",
"id": "CVE-2021-36339"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-398223"
},
{
"date": "2022-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36339"
},
{
"date": "2023-03-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-018028"
},
{
"date": "2021-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2204"
},
{
"date": "2022-01-21T21:15:08.563000",
"db": "NVD",
"id": "CVE-2021-36339"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-398223"
},
{
"date": "2022-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36339"
},
{
"date": "2023-03-20T03:46:00",
"db": "JVNDB",
"id": "JVNDB-2021-018028"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2204"
},
{
"date": "2022-10-27T11:44:58.323000",
"db": "NVD",
"id": "CVE-2021-36339"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2204"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dell\u00a0EMC\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018028"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2204"
}
],
"trust": 0.6
}
}
CVE-2022-31233 (GCVE-0-2022-31233)
Vulnerability from nvd – Published: 2022-08-31 20:05 – Updated: 2024-09-16 16:37
VLAI?
Summary
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
Severity ?
6.3 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Unisphere for PowerMax |
Affected:
unspecified , < 9.2.3.15
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000200975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unisphere for PowerMax",
"vendor": "Dell",
"versions": [
{
"lessThan": "9.2.3.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:05:14",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000200975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-06-27",
"ID": "CVE-2022-31233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unisphere for PowerMax",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.2.3.15"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-602: Client-Side Enforcement of Server-Side Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000200975",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000200975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-31233",
"datePublished": "2022-08-31T20:05:14.863050Z",
"dateReserved": "2022-05-19T00:00:00",
"dateUpdated": "2024-09-16T16:37:57.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36339 (GCVE-0-2021-36339)
Vulnerability from nvd – Published: 2022-01-21 20:15 – Updated: 2024-09-17 01:56
VLAI?
Summary
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.
Severity ?
7.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Solutions Enabler vApp |
Affected:
unspecified , < 9.2.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000194640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Enabler vApp",
"vendor": "Dell",
"versions": [
{
"lessThan": "9.2.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T20:15:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000194640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-12-19",
"ID": "CVE-2021-36339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Enabler vApp",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.2.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250: Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000194640",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000194640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-36339",
"datePublished": "2022-01-21T20:15:18.596269Z",
"dateReserved": "2021-07-08T00:00:00",
"dateUpdated": "2024-09-17T01:56:29.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36338 (GCVE-0-2021-36338)
Vulnerability from nvd – Published: 2022-01-21 20:15 – Updated: 2024-09-16 22:01
VLAI?
Summary
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.
Severity ?
6.3 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Unisphere for PowerMax |
Affected:
unspecified , < 9.2.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000194640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unisphere for PowerMax",
"vendor": "Dell",
"versions": [
{
"lessThan": "9.2.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:05:13",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000194640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-12-19",
"ID": "CVE-2021-36338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unisphere for PowerMax",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.2.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-602: Client-Side Enforcement of Server-Side Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000194640",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000194640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-36338",
"datePublished": "2022-01-21T20:15:17.003707Z",
"dateReserved": "2021-07-08T00:00:00",
"dateUpdated": "2024-09-16T22:01:34.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31233 (GCVE-0-2022-31233)
Vulnerability from cvelistv5 – Published: 2022-08-31 20:05 – Updated: 2024-09-16 16:37
VLAI?
Summary
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
Severity ?
6.3 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Unisphere for PowerMax |
Affected:
unspecified , < 9.2.3.15
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000200975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unisphere for PowerMax",
"vendor": "Dell",
"versions": [
{
"lessThan": "9.2.3.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:05:14",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000200975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-06-27",
"ID": "CVE-2022-31233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unisphere for PowerMax",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.2.3.15"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-602: Client-Side Enforcement of Server-Side Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000200975",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000200975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-31233",
"datePublished": "2022-08-31T20:05:14.863050Z",
"dateReserved": "2022-05-19T00:00:00",
"dateUpdated": "2024-09-16T16:37:57.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36339 (GCVE-0-2021-36339)
Vulnerability from cvelistv5 – Published: 2022-01-21 20:15 – Updated: 2024-09-17 01:56
VLAI?
Summary
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.
Severity ?
7.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Solutions Enabler vApp |
Affected:
unspecified , < 9.2.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000194640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Enabler vApp",
"vendor": "Dell",
"versions": [
{
"lessThan": "9.2.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T20:15:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000194640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-12-19",
"ID": "CVE-2021-36339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Enabler vApp",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.2.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250: Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000194640",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000194640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-36339",
"datePublished": "2022-01-21T20:15:18.596269Z",
"dateReserved": "2021-07-08T00:00:00",
"dateUpdated": "2024-09-17T01:56:29.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36338 (GCVE-0-2021-36338)
Vulnerability from cvelistv5 – Published: 2022-01-21 20:15 – Updated: 2024-09-16 22:01
VLAI?
Summary
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.
Severity ?
6.3 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Unisphere for PowerMax |
Affected:
unspecified , < 9.2.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000194640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unisphere for PowerMax",
"vendor": "Dell",
"versions": [
{
"lessThan": "9.2.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:05:13",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000194640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-12-19",
"ID": "CVE-2021-36338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unisphere for PowerMax",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.2.2.2"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-602: Client-Side Enforcement of Server-Side Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000194640",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000194640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-36338",
"datePublished": "2022-01-21T20:15:17.003707Z",
"dateReserved": "2021-07-08T00:00:00",
"dateUpdated": "2024-09-16T22:01:34.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}