CVE-2023-43065
https://notcve.org/view.php?id=CVE-2023-43065
Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. Dell Unity anterior a 5.3 contiene una vulnerabilidad de Cross-Site Scripting. Un atacante autenticado con pocos privilegios puede aprovechar estos problemas para obtener privilegios aumentados. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-43074
https://notcve.org/view.php?id=CVE-2023-43074
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. Dell Unity 5.3 contiene una vulnerabilidad de creación arbitraria de archivos. Un atacante remoto no autenticado podría explotar esta vulnerabilidad creando archivos arbitrarios mediante una solicitud al servidor. • https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities • CWE-73: External Control of File Name or Path •
CVE-2022-22564
https://notcve.org/view.php?id=CVE-2022-22564
Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. • https://www.dell.com/support/kbdoc/en-us/000199050/dsa-2022-021-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2022-29085
https://notcve.org/view.php?id=CVE-2022-29085
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. Dell Unity, Dell UnityVSA y Dell Unity XT versiones anteriores a la 5.2.0.0.5.173 contienen una vulnerabilidad en el almacenamiento de contraseñas de texto plano cuando son ejecutados determinadas herramientas fuera de la matriz en el sistema. Las credenciales de un usuario con altos privilegios son almacenadas en texto plano. • https://www.dell.com/support/kbdoc/000199050 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVE-2022-29084
https://notcve.org/view.php?id=CVE-2022-29084
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. Dell Unity, Dell UnityVSA y Dell Unity XT versiones anteriores a 5.2.0.5.173, no restringen los intentos de autenticación excesivos en la GUI de Unisphere. Un atacante remoto no autenticado puede explotar potencialmente esta vulnerabilidad para forzar las contraseñas y conseguir acceso al sistema como la víctima. • https://www.dell.com/support/kbdoc/000199050 • CWE-307: Improper Restriction of Excessive Authentication Attempts •