Page 2 of 11 results (0.007 seconds)

CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0

PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application. • https://www.dell.com/support/kbdoc/000205404 • CWE-798: Use of Hard-coded Credentials •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. • https://www.dell.com/support/kbdoc/000205404 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user. • https://www.dell.com/support/kbdoc/000205404 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. • https://www.dell.com/support/kbdoc/000205404 • CWE-285: Improper Authorization •

CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0

PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. • https://www.dell.com/support/kbdoc/en-us/000205404/dsa-2022-283-powerpath-management-appliance-security-update-for-multiple-security-vulnerabilities • CWE-598: Use of GET Request Method With Sensitive Query Strings CWE-668: Exposure of Resource to Wrong Sphere •