2 results (0.021 seconds)

CVSS: 3.3EPSS: 0%CPEs: 90EXPL: 0

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. • https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450 • CWE-295: Improper Certificate Validation •

CVSS: 7.5EPSS: 0%CPEs: 90EXPL: 0

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction. • https://www.dell.com/support/kbdoc/en-us/000214659/dsa-2023-200-security-update-for-dell-vxrail-for-multiple-third-party-component-vulnerabilities • CWE-20: Improper Input Validation •