部分Dell产品 操作系统命令注入漏洞

Dell EMC Unisphere for PowerMax is a suite of graphical management tools for PowerMax storage arrays from Dell USA. A security vulnerability exists in Dell EMC Unisphere for PowerMax vApp, VASA Provider vApp, and Solutions Enabler vApp version 9.2.3.x, which stems from the inclusion of incorrect...

The vulnerability of the vApp Manager component in corporate storage and data management systems like VMAX EMC Unisphere, EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, EMC VMAX Embedded Management allows a malicious actor to gain unauthorized access to the system.

The vulnerability of the vApp Manager component VMAX Virtual Appliance Manager in corporate storage and data management systems like VMAX EMC Unisphere, EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and EMC VMAX Embedded Management eManagement is related to the use of pre-installed...

Multiple Dell Products Arbitrary File Upload Vulnerability

Dell EMC Unisphere for VMAX Virtual Appliance, etc. are products of Dell Inc. in the U.S. Dell EMC Unisphere for VMAX Virtual Appliance vApp is a management tool for VMAX storage arrays.EMC Solutions Enabler Virtual Appliance is a solutions application virtual appliance. An arbitrary file upload...

Design/Logic Flaw

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management eManagement: Dell EMC Unisphere for VMAX Virtual Appliance versions prior to...

Hardcoded credentials

A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management eManagement: Dell EMC Unisphere for VMAX Virtual Appliance versions prior to...

CVE-2018-1215

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management eManagement: Dell EMC Unisphere for VMAX Virtual Appliance versions prior to...

CVE-2018-1216

A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management eManagement: Dell EMC Unisphere for VMAX Virtual Appliance versions prior to...

CVE-2018-1215

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management eManagement: Dell EMC Unisphere for VMAX Virtual Appliance versions prior to...

CVE-2018-1216

Dell EMC vApp Manager vulnerability (CVE-2018-1216) affects Unisphere for VMAX Virtual Appliance, Solutions Enabler Virtual Appliance, VASA Virtual Appliance, and VMAX Embedded Management (eManagement) with undoc default account (smc) and a hard-coded password. Versions affected: Unisphere for VM...

CVE-2018-1215

Dell EMC VMAX VApp Manager (and related appliances: Unisphere for VMAX Virtual Appliance, Solutions Enabler Virtual Appliance, VASA Virtual Appliance, and VMAX Embedded Management) is affected by CVE-2018-1215, a directory traversal/arbitrary file upload vulnerability in the vApp Manager. The iss...

CVE-2018-1216

A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management eManagement: Dell EMC Unisphere for VMAX Virtual Appliance versions prior to...

EMC vApp Manager Default Credentials

The EMC vApp Manager web application running on the remote host uses a default set of credentials 'smc' / 'smc'. An unauthenticated, remote attacker can exploit this issue to authenticate to the application and perform actions allowed by the default account. Specifically, the attacker can login a...

Dell EMC Patches Critical Flaws in VMAX Enterprise Storage Systems

Dell EMC fixed two critical flaws in its management interfaces for its VMAX enterprise storage systems. One of the vulnerabilities could allow a remote attacker to use a hard-coded password to a default account to gain unauthorized access to systems. The company issued updates that address the tw...

Vulnerability of EMC Unisphere for VMAX Virtual Appliance, EMC VMAX Embedded Management, EMC VASA Virtual Appliance, and EMC Solutions Enabler Virtual Appliance systems lies in their lack of access control mechanisms. This vulnerability allows attackers to bypass authentication procedures.

The vulnerabilities of EMC Unisphere for VMAX Virtual Appliance, EMC VMAX Embedded Management, EMC VASA Virtual Appliance, and EMC Solutions Enabler Virtual Appliance are related to deficiencies in access control. Exploiting these vulnerabilities could allow a malicious actor to bypass...

EMC Solutions Enabler Virtual Appliance < 8.4.0.15 Authentication Bypass Vulnerability

The version of EMC Solutions Enabler Virtual Appliance running on the remote host is prior to 8.4.0.15. It is, therefore, affected by an authentication bypass vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid104389; scriptversion"1.9";...

CVE-2017-14375

EMC Unisphere for VMAX Virtual Appliance vApp versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management eManagement versions prior to and including 1.4 Enginuity Release...

Authentication flaw

EMC Unisphere for VMAX Virtual Appliance vApp versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management eManagement versions prior to and including 1.4 Enginuity Release...

CVE-2017-14375

EMC CVE-2017-14375 is an authentication bypass vulnerability affecting multiple EMC appliances: Unisphere for VMAX Virtual Appliance vApp Manager, Solutions Enabler Virtual Appliance, VASA Provider Virtual Appliance, and VMAX eManagement. Affected versions (per sources) are: Unisphere vApp before...

EMC VMAX Virtual Appliance (vApp) Authentication Bypass Vulnerability

The vApp Manager which is embedded in EMC Unisphere for VMAX, Solutions Enabler, VASA Virtual Appliances, and EMC VMAX Embedded Management eManagement contains an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. Affected...

EMC Solutions Enabler Virtual Appliance 8.x < 8.3.0 RCE

The version of EMC Solutions Enabler Virtual Appliance running on the remote host is 8.x prior to 8.3.0. It is, therefore, affected by multiple vulnerabilities : - Multiple flaws exist in the web interface related to the GeneralCmdRequest, PersistantDataRequest, and GetCommandExecRequest classes...