199 matches found
Denial of service
Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service...
Design/Logic Flaw
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...
Cross site scripting
Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high-privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user...
Command injection
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerabl...
Default credentials
PowerStore contains a Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use...
Design/Logic Flaw
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contain an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution...
CVE-2022-26869
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contain an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution...
CVE-2022-26869
Dell PowerStore (versions 2.0.0.x, 2.0.1.x, 2.1.0.x) contains an open port vulnerability that could be exploited remotely by an unauthenticated attacker to achieve information disclosure and arbitrary code execution. Impact is described as INFORMATION DISCLOSURE and HIGH- and CRITICAL-severity in...
CVE-2022-26868
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerabl...
CVE-2022-26868
Dell PowerStore (Dell EMC) versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to an OS command injection. An authenticated attacker could execute arbitrary commands on the underlying OS with the vulnerable process’s privileges, potentially leading to system takeover. Affected component: PowerS...
CVE-2022-26867
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...
CVE-2022-26867
Dell PowerStore (SW v2.1.1.0) allows exporting data to CSV/XLSX without validation or sanitization. A malicious, authenticated user can inject payloads that spreadsheet applications may interpret as formulas when opening the exported file. This is a formula-injection risk in data export functiona...
CVE-2022-26866
Dell PowerStore is affected by a Stored Cross-Site Scripting vulnerability in versions before v2.1.1.0. A high-privilege network attacker could store malicious HTML/JavaScript in the trusted application data store; when victims access data via their browsers, the code can execute in the web app c...
CVE-2022-26866
Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high-privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user...
CVE-2022-22557
Dell PowerStore X & T appliances (PowerStore) are affected by CVE-2022-22557, with vulnerable components involving plain-text password storage in versions 2.0.0.x and 2.0.1.x. The issue enables a locally authenticated attacker to disclose certain user credentials, who may use exposed credentials ...
CVE-2022-22557
PowerStore contains a Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use...
CVE-2022-22556
Technical details about CVE-2022-22556 are not publicly provided in the connected documents. Available sources describe a Dell PowerStore UI resource consumption DoS vulnerability but do not disclose affected versions, root cause, exploits, or fixes. Monitor for updates.
CVE-2022-22556
Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service...
Dell EMC PowerStore Security Vulnerability
Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable and intelligent infrastructure to deliver AppsON capabilities that enable the transformation of traditional and modern workloads. Dell PowerStore has an open port vulnerability that could be exploited by an...
PT-2022-15525 · Dell · Powerstore
Name of the Vulnerable Software and Affected Versions: PowerStore versions 2.0.0.x through 2.0.1.x Description: The issue is related to plain-text password storage in PowerStore X & T environments. A locally authenticated attacker could exploit this, leading to the disclosure of certain user...