CVE-2023-32448
https://notcve.org/view.php?id=CVE-2023-32448
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems. • https://www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2023-28080
https://notcve.org/view.php?id=CVE-2023-28080
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. • https://www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities • CWE-427: Uncontrolled Search Path Element •
CVE-2023-28079
https://notcve.org/view.php?id=CVE-2023-28079
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. • https://www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities • CWE-276: Incorrect Default Permissions •
CVE-2022-34451
https://notcve.org/view.php?id=CVE-2022-34451
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server. • https://www.dell.com/support/kbdoc/000205404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-34450
https://notcve.org/view.php?id=CVE-2022-34450
PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. • https://www.dell.com/support/kbdoc/000205404 • CWE-183: Permissive List of Allowed Inputs •