65 matches found
CVE-2019-3754
Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could...
CVE-2019-3754
Dell EMC CVE-2019-3754 affects Unity Operating Environment (and UnityVSA) versions prior to 5.0.0.0.5.116 and VNXe3200 prior to 3.1.10.9946299. It is a reflected cross-site scripting vulnerability on the cas/logout page: a remote unauthenticated attacker could induce a victim application user to ...
Dell EMC Unity and UnityVSA Security Bypass Vulnerability
Dell EMC Unity and UnityVSA are both products of Dell, Inc. Dell EMC Unity is a unified storage array product. UnityVSA is a set of virtual Unity storage environments. A security vulnerability exists in Dell EMC Unity prior to version 5.0.0.0.5.116 and UnityVSA prior to version 5.0.0.0.5.116, which...
CVE-2019-3741
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s password, including that of the admin privilege user, is stored in plain text in Unity Data Collection bundle log files for troubleshooting. A local authenticated attacker...
CVE-2019-3734
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota configuration of other users...
Default credentials
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s password, including that of the admin privilege user, is stored in plain text in Unity Data Collection bundle log files for troubleshooting. A local authenticated attacker...
Authorization
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota configuration of other users...
CVE-2019-3734
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota configuration of other users...
CVE-2019-3741
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s password, including that of the admin privilege user, is stored in plain text in Unity Data Collection bundle log files for troubleshooting. A local authenticated attacker...
CVE-2019-3734
Dell EMC Unity and UnityVSA (before 5.0.0.0.5.116) contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially edit quota configurations for other users. The issue is rooted in authorization controls governing NAS...
CVE-2019-3741
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 store a password in plaintext inside the Unity Data Collection bundle (logs). A local authenticated attacker with access to this bundle can use the exposed password to gain access with the compromised user’s privileges. The documents do ...
Design/Logic Flaw
Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contain an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result ...
CVE-2018-11064
The CVE-2018-11064 entry applies to Dell EMC Unity OE (4.3.0.x, 4.3.1.x) and UnityVSA OE (4.3.0.x, 4.3.1.x). A local, authenticated attacker can exploit an Incorrect File Permissions flaw to alter multiple library files in the service tools, potentially enabling arbitrary code execution with elev...
CVE-2018-11064
Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contain an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result ...
CVE-2018-1251
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user into clicking on a maliciously crafted...
Cross site scripting
Dell EMC Unity and UnityVSA contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the...
Authorization
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based...
Design/Logic Flaw
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user into clicking on a maliciously crafted...
CVE-2018-1246
Dell EMC Unity and UnityVSA contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the...
CVE-2018-1246
Dell EMC Unity and UnityVSA contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the...