CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-43065
https://notcve.org/view.php?id=CVE-2023-43065
23 Oct 2023 — Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. Dell Unity anterior a 5.3 contiene una vulnerabilidad de Cross-Site Scripting. Un atacante autenticado con pocos privilegios puede aprovechar estos problemas para obtener privilegios aumentados. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-43074
https://notcve.org/view.php?id=CVE-2023-43074
23 Oct 2023 — Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. Dell Unity 5.3 contiene una vulnerabilidad de creación arbitraria de archivos. Un atacante remoto no autenticado podría explotar esta vulnerabilidad creando archivos arbitrarios mediante una solicitud al servidor. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-73: External Control of File Name or Path •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22564
https://notcve.org/view.php?id=CVE-2022-22564
14 Feb 2023 — Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. • https://www.dell.com/support/kbdoc/en-us/000199050/dsa-2022-021-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29085
https://notcve.org/view.php?id=CVE-2022-29085
02 Jun 2022 — Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. Dell Unity, Dell UnityVSA y Dell Unity XT versiones anteriores a la 5.2.0.0.5.173 contienen una vulnerabilidad en el almacena... • https://www.dell.com/support/kbdoc/000199050 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0CVE-2022-29084
https://notcve.org/view.php?id=CVE-2022-29084
02 Jun 2022 — Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. Dell Unity, Dell UnityVSA y Dell Unity XT versiones anteriores a 5.2.0.5.173, no restringen los intentos de autenticación excesivos en la GUI de Unisphere. ... • https://www.dell.com/support/kbdoc/000199050 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29091
https://notcve.org/view.php?id=CVE-2022-29091
26 May 2022 — Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell Unity, Dell UnityVSA y Dell UnityXT ve... • https://www.dell.com/support/kbdoc/000199446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0CVE-2021-36293
https://notcve.org/view.php?id=CVE-2021-36293
08 Apr 2022 — Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges. Dell VNX2 for File versión 8.1.21.266 y anteriores, contienen una vulnerabilidad de escalada de privilegios. Un administrador local malicioso podría explotar la vulnerabilidad y alcanzar altos privilegios • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0CVE-2021-36290
https://notcve.org/view.php?id=CVE-2021-36290
08 Apr 2022 — Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges. Dell VNX2 for file versión 8.1.21.266 y anteriores, contienen una vulnerabilidad de escalada de privilegios. Un administrador local malicioso podría explotar la vulnerabilidad y alcanzar privilegios • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2021-36288
https://notcve.org/view.php?id=CVE-2021-36288
08 Apr 2022 — Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files Dell VNX2 for File versión 8.1.21.266 y anteriores, contienen una vulnerabilidad de salto de ruta que puede conllevar a usuarios no autenticados a leer/escribir archivos restringidos • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2021-36287
https://notcve.org/view.php?id=CVE-2021-36287
08 Apr 2022 — Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system. Dell VNX2 for file versión 8.1.21.266 y anteriores, contienen una vulnerabilidad de ejecución de código remota no autenticada que puede conllevar a usuarios no autenticados a ejecutar comandos en el sistema • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •