TROYANOSYVIRUS
Volver a CVEs

CVE-2022-34397

MEDIUM
6.9

Descripcion

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.

Detalles CVE

Puntuacion CVSS v3.16.9
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
Vector de ataqueADJACENT_NETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado2/13/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

dell:evasa_provider_virtual_appliancedell:solutions_enabler_virtual_appliancedell:unisphere_for_powermax_virtual_appliance

Debilidades (CWE)

CWE-863

Referencias

https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities(security_alert@emc.com)
https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.