24 matches found
CVE-2019-3754
Dell EMC CVE-2019-3754 affects Unity Operating Environment (and UnityVSA) versions prior to 5.0.0.0.5.116 and VNXe3200 prior to 3.1.10.9946299. It is a reflected cross-site scripting vulnerability on the cas/logout page: a remote unauthenticated attacker could induce a victim application user to ...
CVE-2021-36287
CVE-2021-36287 affects Dell VNX2 for file, version 8.1.21.266 and earlier. The vulnerability is an unauthenticated remote code execution that could allow an unauthenticated attacker to run commands on the system. The available sources confirm the affected product and the broad impact (remote comm...
CVE-2021-36290
Affected product: Dell VNX2 for File (versions 8.1.21.266 and earlier). Vulnerability: privilege escalation allowing a local attacker with admin rights to potentially gain higher privileges. Impact: local privilege elevation as described in the CVE entry. Remediation: Dell security update referen...
CVE-2021-36293
Dell VNX2 for File (version 8.1.21.266 and earlier) is affected by a local privilege-escalation vulnerability. Documents consistently state a local malicious admin could potentially gain elevated privileges; no explicit exploit details are provided. A Dell security update addressing multiple vuln...
CVE-2021-36288
CVE-2021-36288 corresponds to a path traversal vulnerability in Dell VNX2 for File (versions up to and including 8.1.21.266). An unauthenticated user could read/write restricted files due to improper input validation in the affected component. The exploitability is network-based with low attack c...
CVE-2022-22564
Dell EMC Unity up to version 5.2.0.0.5.173 uses a broken cryptographic algorithm, enabling a remote, unauthenticated attacker to potentially perform MitM attacks and obtain sensitive information. Affected product: Dell EMC Unity unified storage array. Vulnerable component/behavior: cryptographic ...
CVE-2020-5319
Dell EMC Unity family (Unity, Unity XT, UnityVSA) versions prior to 5.0.2.0.5.009 are affected by a Denial of Service vulnerability in the NAS Server SSH implementation used for SFTP. A remote unauthenticated attacker can cause a Storage Processor Panic by sending an out‑of‑order SSH sequence. Re...
CVE-2021-36295
CVE-2021-36295 affects Dell VNX2 OE for File versions 8.1.21.266 and earlier. The vulnerability is an authenticated remote code execution flaw that allows a remote attacker with privileges to execute commands on the system. The available connected sources confirm this impact but do not provide an...
CVE-2020-29489
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plaintext password storage vulnerability. A local authenticated attacker with access to system files can read a password file and use exposed credentials (including the Unisphere admin user) to gain access with the c...
CVE-2021-43589
The CVE-2021-43589 entry describes a local OS command injection in Dell EMC Unity family (Unity, UnityVSA, UnityXT) for versions prior to 5.1.2.0.5.007. A locally authenticated user with high privileges may execute arbitrary commands on the Unity underlying OS with the vulnerable application’s pr...
CVE-2021-36289
Dell VNX2 OE for File (versions ≤ 8.1.21.266) contains a local information-disclosure vulnerability. The underlying issue is an over-collection/export of data by the application, allowing a local attacker to read sensitive information. The affected component is the VNX2 OE for File software, with...
CVE-2018-1183
CVE-2018-1183 is an XXE injection vulnerability affecting a broad set of Dell EMC products (Unisphere for VMAX, Solutions Enabler VMAs, VASA/VNX/VNXe OE, ViPR SRM, XtremIO, Unity OE, and related components) caused by the XML parser configuration that processes external entities. In affected versi...
CVE-2020-29490
Dell EMC Unity, Unity XT, and UnityVSA (versions prior to 5.0.4.0.5.012) expose a Denial of Service vulnerability on NAS servers with NFS exports. The issue allows a remote authenticated attacker to trigger a Storage Processor Panic by sending specially crafted UDP requests. The connected CNVD/CV...
CVE-2021-21591
CVE-2021-21591 affects Dell EMC Unity, Unity XT, and UnityVSA. The issue is a plain-text password storage vulnerability in versions prior to 5.1.0.0.5.394. A local high-privilege attacker could leverage an exposed password to access the system with the compromised user’s privileges. Exploitation ...
CVE-2020-26199
Dell EMC Unity, Unity XT, and UnityVSA contain a plain-text password storage vulnerability in versions prior to 5.0.4.0.5.012. A local authenticated attacker with access to the log files can extract user credentials (including the Unisphere admin) and gain access with the compromised user’s privi...
CVE-2021-36294
Dell VNX2 OE for File vulnerable versions: 8.1.21.266 and earlier. Root cause: authentication bypass by forging a cookie to login as arbitrary user. Impact: remote unauthenticated access with high risk (credentials/session compromise). Affected component: authentication mechanism in Dell VNX2 OE ...
CVE-2021-36296
CVE-2021-36296 affects Dell VNX2 OE for File (versions ≤ 8.1.21.266). The vulnerability is an authenticated OS command injection/remote code execution in the VNX2 OS Command Handling, allowing a privileged, authenticated attacker to run commands on the affected system. The CVSSv3.1 base metrics i...
CVE-2019-3741
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 store a password in plaintext inside the Unity Data Collection bundle (logs). A local authenticated attacker with access to this bundle can use the exposed password to gain access with the compromised user’s privileges. The documents do ...
CVE-2018-11064
The CVE-2018-11064 entry applies to Dell EMC Unity OE (4.3.0.x, 4.3.1.x) and UnityVSA OE (4.3.0.x, 4.3.1.x). A local, authenticated attacker can exploit an Incorrect File Permissions flaw to alter multiple library files in the service tools, potentially enabling arbitrary code execution with elev...
CVE-2021-21590
CVE-2021-21590 affects Dell EMC Unity, Unity XT, and UnityVSA (pre-5.1.0.0.5.394). The issue is a plain-text password storage vulnerability in the product’s local authentication data. A local, high-privilege attacker can use an exposed password to access the system with the compromised user’s pri...
CVE-2021-21589
The CVE affects Dell EMC Unity, Unity XT, and UnityVSA prior to 5.1.0.0.5.394, where the system does not exit on failed Initialization. A local authenticated Service user could potentially escalate privileges, giving partial confidentiality/integrity/availability impact. Vulnerable component: ini...
CVE-2018-1239
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit these vulnerabilities to execute arbitrary OS commands as root on the affected system. The provided...
CVE-2018-1246
Dell EMC Unity and UnityVSA are affected by CVE-2018-1246, a reflected cross-site scripting vulnerability in Unisphere. An unauthenticated remote attacker could entice a user to submit malicious HTML/JavaScript to Unisphere, which is then reflected back and executed by the user’s browser. The vul...
CVE-2019-3734
Dell EMC Unity and UnityVSA (before 5.0.0.0.5.116) contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially edit quota configurations for other users. The issue is rooted in authorization controls governing NAS...