CVE-2022-34451
https://notcve.org/view.php?id=CVE-2022-34451
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly sending arbitrary requests to the server. • https://www.dell.com/support/kbdoc/000205404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34450
https://notcve.org/view.php?id=CVE-2022-34450
PowerPath Management Appliance with version 3.3 contains a Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. • https://www.dell.com/support/kbdoc/000205404 • CWE-183: Permissive List of Allowed Inputs
CVE-2022-34449
https://notcve.org/view.php?id=CVE-2022-34449
PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue to view and modify sensitive information stored in the application. • https://www.dell.com/support/kbdoc/000205404 • CWE-798: Use of Hard-coded Credentials
CVE-2022-34448
https://notcve.org/view.php?id=CVE-2022-34448
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. • https://www.dell.com/support/kbdoc/000205404 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-34447
https://notcve.org/view.php?id=CVE-2022-34447
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains an OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user. • https://www.dell.com/support/kbdoc/000205404 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')