CVSS: 4.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting vulnerability. An authenticated admin user could potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly sending arbitrary requests to the server. • https://www.dell.com/support/kbdoc/000205404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. • https://www.dell.com/support/kbdoc/000205404 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.2 | EPSS: 0% | CPEs: 4 | EXPL: 0

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains an OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user. • https://www.dell.com/support/kbdoc/000205404 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 2.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains a sensitive information disclosure vulnerability. An authenticated admin user can exploit the issue and view sensitive information stored in the logs. • https://www.dell.com/support/kbdoc/en-us/000205404/dsa-2022-283-powerpath-management-appliance-security-update-for-multiple-security-vulnerabilities • CWE-598: Use of GET Request Method With Sensitive Query Strings • CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 8.2 | EPSS: 0% | CPEs: 5 | EXPL: 0

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use a hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges. • https://www.dell.com/support/kbdoc/en-us/000194083/dsa-2021-260 • CWE-321: Use of Hard-coded Cryptographic Key