CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23690
https://notcve.org/view.php?id=CVE-2023-23690
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices. Cloud Mobility for Dell EMC Storage, versiones 1.3.0.X e inferiores, contiene una vulnerabilidad de verificación incorrecta de revocación de certificados. • https://www.dell.com/support/kbdoc/en-us/000207521/dsa-2023-019-dell-emc-cloud-mobility-security-update-for-certificate-revocation-vulnerability • CWE-295: Improper Certificate Validation CWE-299: Improper Check for Certificate Revocation •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34434
https://notcve.org/view.php?id=CVE-2022-34434
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. Cloud Mobility para Dell Storage versiones 1.3.0 y anteriores, contiene una vulnerabilidad de control de acceso inapropiado en la base de datos Postgres. Un actor de la amenaza con acceso a nivel root a la vApp o a las versiones en contenedor de Cloud Mobility podría explotar esta vulnerabilidad, conllevando a una modificación o eliminación de tablas necesarias para muchas de las funcionalidades principales de Cloud Mobility. • https://www.dell.com/support/kbdoc/en-vc/000203434/dsa-2022-264-cloud-mobility-for-dell-storage-security-update-for-an-insecure-database-vulnerability • CWE-285: Improper Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33936
https://notcve.org/view.php?id=CVE-2022-33936
Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity. Cloud Mobility for Dell EMC Storage, versión 1.3.0.XXX, contiene una vulnerabilidad RCE. Un usuario no privilegiado podría explotar esta vulnerabilidad, conllevando a una obtención de un shell de root. • https://www.dell.com/support/kbdoc/en-us/000201258/dsa-2022-182-cloud-mobility-for-dell-emc-storage-security-update-for-a-path-traversal-rce-vulnerability •