CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44288
https://notcve.org/view.php?id=CVE-2023-44288
Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service. Dell PowerScale OneFS, 8.2.2.x a 9.6.0.x, contiene un control inadecuado de un recurso a través de su vulnerabilidad de por vida. Un atacante de red no autenticado podría explotar esta vulnerabilidad y provocar una denegación de servicio. • https://www.dell.com/support/kbdoc/en-us/000219932/dsa-2023-417-dell-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44302
https://notcve.org/view.php?id=CVE-2023-44302
Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code. Dell DM5500 5.14.0.0 y anteriores contienen una vulnerabilidad de autenticación incorrecta. Un atacante remoto no autenticado podría explotar esta vulnerabilidad para obtener acceso a recursos o funcionalidades que podrían conducir a la ejecución de código arbitrario. • https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44301
https://notcve.org/view.php?id=CVE-2023-44301
Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell DM5500 5.14.0.0 y anteriores contienen una vulnerabilidad de cross-site scripting reflejada. Un atacante de red con privilegios bajos podría explotar esta vulnerabilidad, lo que llevaría a la ejecución de código HTML o JavaScript malicioso en el navegador web de un usuario víctima en el contexto de la aplicación web vulnerable. • https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44300
https://notcve.org/view.php?id=CVE-2023-44300
Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell DM5500 5.14.0.0 contiene una vulnerabilidad de almacenamiento de contraseñas de texto plano en PPOE. Un atacante local con privilegios podría explotar esta vulnerabilidad, lo que daría lugar a la divulgación de determinadas credenciales de usuario. • https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44306
https://notcve.org/view.php?id=CVE-2023-44306
Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem. Dell DM5500 contiene una vulnerabilidad de path traversal en el componente PPOE. Un atacante remoto con altos privilegios podría explotar esta vulnerabilidad para sobrescribir los archivos almacenados en el sistema de archivos del servidor. • https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •