
CVSS: 7.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read-only user could potentially exploit this vulnerability to add or delete QoS policies, which are disabled by default. • https://www.dell.com/support/kbdoc/en-us/000204809/dsa-2022-290-dell-xtremio-x2-security-advisory-for-xms-gui?lang=en • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a brute-force vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account. • https://www.dell.com/support/kbdoc/en-us/000204112/dsa-2022-145-dell-emc-xtremeio-for-ssh-and-web-ui-vulnerability • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

Dell EMC XtremIO versions prior to 6.3.3-8 contain a Cross-Site Request Forgery vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations. • https://www.dell.com/support/kbdoc/000186363 • CWE-352: Cross-Site Request Forgery (CSRF)