Page 2 of 15 results (0.006 seconds)

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system. Dell vApp Manager, las versiones anteriores a 9.2.4.x contienen una vulnerabilidad de lectura de archivos arbitraria. Un usuario malicioso remoto con altos privilegios podría explotar esta vulnerabilidad para leer archivos arbitrarios del sistema de destino. • https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system. Dell vApp Manager, las versiones anteriores a 9.2.4.x contienen una vulnerabilidad de lectura de archivos arbitraria. Un atacante remoto podría explotar esta vulnerabilidad para leer archivos arbitrarios del sistema de destino. • https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0

Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. • https://www.dell.com/support/kbdoc/en-uk/000189606/dsa-2021-134-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-and-dell-emc-powermax-embedded-management-security-update-for-multiple-third-party-component-vulnerabilities • CWE-295: Improper Certificate Validation •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system. Las versiones 9.2.3.x de Dell Unisphere para PowerMax vApp, VASA Provider vApp y Solution Enabler vApp versión 9.2.3.x contienen una vulnerabilidad de divulgación de información. Un atacante remoto con pocos privilegios podría explotar esta vulnerabilidad, lo que llevaría a leer archivos arbitrarios en el sistema de archivos subyacente. • https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.0EPSS: 0%CPEs: 8EXPL: 0

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. Unisphere for PowerMax versiones anteriores a 9.2.3.15, contienen una vulnerabilidad de escalada de privilegios. Un usuario malicioso adyacente puede explotar potencialmente esta vulnerabilidad para escalar sus privilegios y acceder a funcionalidades a las que no presenta acceso • https://www.dell.com/support/kbdoc/000200975 • CWE-602: Client-Side Enforcement of Server-Side Security CWE-669: Incorrect Resource Transfer Between Spheres •