Lucene search

DellCVE-2022-45103

HistoryJan 18, 2023 - 3:15 p.m.

CVE-2022-45103

2023-01-1815:15:11

CWE-200

dell

web.nvd.nist.gov

cve-2022-45103

dell

unisphere

powermax

vasa provider

solution enabler

vapp

information disclosure

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

44.0%

JSON

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.

Affected configurations

Nvd

Vulners

Node

dellemc_solutions_enabler_virtual_applianceRange<9.2.3.6

dellemc_unisphere_for_powermaxRange<9.2.3.22

dellemc_unisphere_for_powermaxRange10.0.0.0–10.0.0.5

dellemc_unisphere_for_powermax_virtual_applianceRange<9.2.3.22

dellemc_vasa_provider_virtual_applianceRange<9.2.4.15

dellsolutions_enablerRange<9.2.3.6

dellsolutions_enablerRange10.0.0.0–10.0.0.5

dellunisphere_360Range<9.2.3.12

dellvasa_providerRange<9.2.4.22standalone

dellpowermax_osMatch-

dellpowermax_osMatch5978

VendorProductVersionCPE
dellemc_solutions_enabler_virtual_appliance*cpe:2.3:a:dell:emc_solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*
dellemc_unisphere_for_powermax*cpe:2.3:a:dell:emc_unisphere_for_powermax:*:*:*:*:*:*:*:*
dellemc_unisphere_for_powermax_virtual_appliance*cpe:2.3:a:dell:emc_unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*
dellemc_vasa_provider_virtual_appliance*cpe:2.3:a:dell:emc_vasa_provider_virtual_appliance:*:*:*:*:*:*:*:*
dellsolutions_enabler*cpe:2.3:a:dell:solutions_enabler:*:*:*:*:*:*:*:*
dellunisphere_360*cpe:2.3:a:dell:unisphere_360:*:*:*:*:*:*:*:*
dellvasa_provider*cpe:2.3:a:dell:vasa_provider:*:*:*:*:standalone:*:*:*
dellpowermax_os-cpe:2.3:o:dell:powermax_os:-:*:*:*:*:*:*:*
dellpowermax_os5978cpe:2.3:o:dell:powermax_os:5978:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_solutions_enabler_virtual_appliance	*	cpe:2.3:a:dell:emc_solutions_enabler_virtual_appliance::::::::
dell	emc_unisphere_for_powermax	*	cpe:2.3:a:dell:emc_unisphere_for_powermax::::::::
dell	emc_unisphere_for_powermax_virtual_appliance	*	cpe:2.3:a:dell:emc_unisphere_for_powermax_virtual_appliance::::::::
dell	emc_vasa_provider_virtual_appliance	*	cpe:2.3:a:dell:emc_vasa_provider_virtual_appliance::::::::
dell	solutions_enabler	*	cpe:2.3:a:dell:solutions_enabler::::::::
dell	unisphere_360	*	cpe:2.3:a:dell:unisphere_360::::::::
dell	vasa_provider	*	cpe:2.3:a:dell:vasa_provider:::::standalone:::*
dell	powermax_os	-	cpe:2.3:o:dell:powermax_os:-:::::::*
dell	powermax_os	5978	cpe:2.3:o:dell:powermax_os:5978:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Unisphere for PowerMax vApp",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "9.2.3.x"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

44.0%

JSON

Related for CVE-2022-45103