CVE-2022-33923
https://notcve.org/view.php?id=CVE-2022-33923
Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker. Dell PowerStore, versiones anteriores a 3.0.0.0, contiene una vulnerabilidad de inyección de comandos del Sistema Operativo en el entorno PowerStore T. Un atacante autenticado localmente podría potencialmente explotar esta vulnerabilidad, conllevando a una ejecución de un comando de SO arbitrario en el SO subyacente de PowerStore. • https://www.dell.com/support/kbdoc/000201283 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-31234
https://notcve.org/view.php?id=CVE-2022-31234
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. Dell EMC PowerStore, contiene una vulnerabilidad de restricción inapropiada de intentos de autenticación excesivos en la GUI de PowerStore Manager. Un atacante remoto no autenticado podría explotar esta vulnerabilidad, conllevando a forzar la contraseña. • https://www.dell.com/support/kbdoc/000201283 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2022-22555
https://notcve.org/view.php?id=CVE-2022-22555
Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. Dell EMC PowerStore, contiene una vulnerabilidad de inyección de comandos del Sistema Operativo. Un atacante autenticado localmente podría potencialmente explotar esta vulnerabilidad, conllevando a una ejecución de comandos de SO arbitrarios en el SO subyacente de PowerStore, con los privilegios de la aplicación vulnerable. • https://www.dell.com/support/kbdoc/000201283 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-29502
https://notcve.org/view.php?id=CVE-2020-29502
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC PowerStore versiones anteriores a 1.0.3.0.5.007, contienen una vulnerabilidad de Almacenamiento de Contraseña de Texto Plano en entornos PowerStore X & T. Un atacante autenticado localmente podría potencialmente explotar esta vulnerabilidad, conllevando a la divulgación de determinadas credenciales de usuario. • https://www.dell.com/support/kbdoc/000180775 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2020-29501
https://notcve.org/view.php?id=CVE-2020-29501
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC PowerStore versiones anteriores a 1.0.3.0.5.007, contienen una vulnerabilidad de Almacenamiento de Contraseña de Texto Plano en entornos PowerStore X & T. Un atacante autenticado localmente podría potencialmente explotar esta vulnerabilidad, conllevando a la divulgación de determinadas credenciales de usuario. • https://www.dell.com/support/kbdoc/000180775 • CWE-312: Cleartext Storage of Sensitive Information •