CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-43065
https://notcve.org/view.php?id=CVE-2023-43065
23 Oct 2023 — Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. Dell Unity anterior a 5.3 contiene una vulnerabilidad de Cross-Site Scripting. Un atacante autenticado con pocos privilegios puede aprovechar estos problemas para obtener privilegios aumentados. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-43074
https://notcve.org/view.php?id=CVE-2023-43074
23 Oct 2023 — Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. Dell Unity 5.3 contiene una vulnerabilidad de creación arbitraria de archivos. Un atacante remoto no autenticado podría explotar esta vulnerabilidad creando archivos arbitrarios mediante una solicitud al servidor. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-73: External Control of File Name or Path •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29085
https://notcve.org/view.php?id=CVE-2022-29085
02 Jun 2022 — Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. Dell Unity, Dell UnityVSA y Dell Unity XT versiones anteriores a la 5.2.0.0.5.173 contienen una vulnerabilidad en el almacena... • https://www.dell.com/support/kbdoc/000199050 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0CVE-2022-29084
https://notcve.org/view.php?id=CVE-2022-29084
02 Jun 2022 — Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. Dell Unity, Dell UnityVSA y Dell Unity XT versiones anteriores a 5.2.0.5.173, no restringen los intentos de autenticación excesivos en la GUI de Unisphere. ... • https://www.dell.com/support/kbdoc/000199050 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29091
https://notcve.org/view.php?id=CVE-2022-29091
26 May 2022 — Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell Unity, Dell UnityVSA y Dell UnityXT ve... • https://www.dell.com/support/kbdoc/000199446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21547
https://notcve.org/view.php?id=CVE-2021-21547
30 Apr 2021 — Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity, UnityVSA y Unity XT versiones anteriores a 5.0.7.0.5.008 contienen una vulnerabilidad de almacenamiento d... • https://www.dell.com/support/kbdoc/000185484 • CWE-312: Cleartext Storage of Sensitive Information •