CVE-2022-34446
https://notcve.org/view.php?id=CVE-2022-34446
PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. • https://www.dell.com/support/kbdoc/000205404 • CWE-285: Improper Authorization •
CVE-2022-34452
https://notcve.org/view.php?id=CVE-2022-34452
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. • https://www.dell.com/support/kbdoc/en-us/000205404/dsa-2022-283-powerpath-management-appliance-security-update-for-multiple-security-vulnerabilities • CWE-598: Use of GET Request Method With Sensitive Query Strings CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2021-43587
https://notcve.org/view.php?id=CVE-2021-43587
Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges. Dell PowerPath Management Appliance, versiones 3.2, 3.1, 3.0 P01, 3.0 y 2.6, usan una clave criptográfica embebida. Un usuario local malicioso con privilegios elevados podría explotar esta vulnerabilidad para conseguir acceso a los secretos y elevarse para conseguir privilegios superiores • https://www.dell.com/support/kbdoc/en-us/000194083/dsa-2021-260 • CWE-321: Use of Hard-coded Cryptographic Key •