CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29095
https://notcve.org/view.php?id=CVE-2022-29095
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. Dell SupportAssist Client Consumer versiones (3.10.4 y anteriores) y Dell SupportAssist Client Commercial (3.1.1 y anteriores) contienen una vulnerabilidad de tipo cross-site scripting. Un usuario remoto malicioso no autenticado podría explotar esta vulnerabilidad bajo condiciones específicas que conllevan a una ejecución de código malicioso en un sistema vulnerable • https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities • CWE-16: Configuration CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29094
https://notcve.org/view.php?id=CVE-2022-29094
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. Dell SupportAssist Client Consumer versiones (3.10.4 y versiones anteriores) y Dell SupportAssist Client Commercial (3.1.1 y versiones anteriores) contienen una vulnerabilidad de eliminación/sobreescritura arbitraria de archivos. Un usuario autenticado que no sea administrador podría aprovechar el problema y eliminar o sobrescribir archivos arbitrarios en el sistema • https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29093
https://notcve.org/view.php?id=CVE-2022-29093
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. Dell SupportAssist Client Consumer versiones (3.10.4 y versiones anteriores) y Dell SupportAssist Client Commercial (3.1.1 y versiones anteriores) contienen una vulnerabilidad de eliminación de archivos arbitrarios. Un usuario autenticado que no sea administrador podría aprovechar el problema y eliminar archivos arbitrarios en el sistema • https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29092
https://notcve.org/view.php?id=CVE-2022-29092
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. Dell SupportAssist Client Consumer versiones (3.11.0 y versiones anteriores) y Dell SupportAssist Client Commercial (3.2.0 y versiones anteriores) contienen una vulnerabilidad de escalada de privilegios. Un usuario no administrador puede aprovechar la vulnerabilidad y conseguir acceso de administrador al sistema • https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29085
https://notcve.org/view.php?id=CVE-2022-29085
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. Dell Unity, Dell UnityVSA y Dell Unity XT versiones anteriores a la 5.2.0.0.5.173 contienen una vulnerabilidad en el almacenamiento de contraseñas de texto plano cuando son ejecutados determinadas herramientas fuera de la matriz en el sistema. Las credenciales de un usuario con altos privilegios son almacenadas en texto plano. • https://www.dell.com/support/kbdoc/000199050 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •