Lucene search
K
DellEmc Unity Operating Environment

24 matches found

CVE
CVE
added 2019/09/03 4:52 p.m.121 views

CVE-2019-3754

Dell EMC CVE-2019-3754 affects Unity Operating Environment (and UnityVSA) versions prior to 5.0.0.0.5.116 and VNXe3200 prior to 3.1.10.9946299. It is a reflected cross-site scripting vulnerability on the cas/logout page: a remote unauthenticated attacker could induce a victim application user to ...

6.1CVSS6.1AI score0.01109EPSS
CVE
CVE
added 2022/04/08 7:50 p.m.99 views

CVE-2021-36287

CVE-2021-36287 affects Dell VNX2 for file, version 8.1.21.266 and earlier. The vulnerability is an unauthenticated remote code execution that could allow an unauthenticated attacker to run commands on the system. The available sources confirm the affected product and the broad impact (remote comm...

10CVSS10AI score0.02451EPSS
CVE
CVE
added 2022/04/08 7:50 p.m.86 views

CVE-2021-36290

Affected product: Dell VNX2 for File (versions 8.1.21.266 and earlier). Vulnerability: privilege escalation allowing a local attacker with admin rights to potentially gain higher privileges. Impact: local privilege elevation as described in the CVE entry. Remediation: Dell security update referen...

6.7CVSS6.8AI score0.00184EPSS
CVE
CVE
added 2022/04/08 7:50 p.m.83 views

CVE-2021-36293

Dell VNX2 for File (version 8.1.21.266 and earlier) is affected by a local privilege-escalation vulnerability. Documents consistently state a local malicious admin could potentially gain elevated privileges; no explicit exploit details are provided. A Dell security update addressing multiple vuln...

6.7CVSS6.8AI score0.00193EPSS
CVE
CVE
added 2022/04/08 7:50 p.m.79 views

CVE-2021-36288

CVE-2021-36288 corresponds to a path traversal vulnerability in Dell VNX2 for File (versions up to and including 8.1.21.266). An unauthenticated user could read/write restricted files due to improper input validation in the affected component. The exploitability is network-based with low attack c...

9.1CVSS9.1AI score0.00991EPSS
CVE
CVE
added 2023/02/14 3:34 p.m.75 views

CVE-2022-22564

Dell EMC Unity up to version 5.2.0.0.5.173 uses a broken cryptographic algorithm, enabling a remote, unauthenticated attacker to potentially perform MitM attacks and obtain sensitive information. Affected product: Dell EMC Unity unified storage array. Vulnerable component/behavior: cryptographic ...

5.9CVSS5.8AI score0.00451EPSS
CVE
CVE
added 2020/02/06 5:45 p.m.66 views

CVE-2020-5319

Dell EMC Unity family (Unity, Unity XT, UnityVSA) versions prior to 5.0.2.0.5.009 are affected by a Denial of Service vulnerability in the NAS Server SSH implementation used for SFTP. A remote unauthenticated attacker can cause a Storage Processor Panic by sending an out‑of‑order SSH sequence. Re...

7.8CVSS7.5AI score0.01402EPSS
CVE
CVE
added 2022/01/25 10:15 p.m.66 views

CVE-2021-36295

CVE-2021-36295 affects Dell VNX2 OE for File versions 8.1.21.266 and earlier. The vulnerability is an authenticated remote code execution flaw that allows a remote attacker with privileges to execute commands on the system. The available connected sources confirm this impact but do not provide an...

9CVSS7.5AI score0.02812EPSS
CVE
CVE
added 2021/01/05 9:40 p.m.65 views

CVE-2020-29489

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plaintext password storage vulnerability. A local authenticated attacker with access to system files can read a password file and use exposed credentials (including the Unisphere admin user) to gain access with the c...

6.7CVSS6.6AI score0.00164EPSS
CVE
CVE
added 2022/01/24 8:10 p.m.65 views

CVE-2021-43589

The CVE-2021-43589 entry describes a local OS command injection in Dell EMC Unity family (Unity, UnityVSA, UnityXT) for versions prior to 5.1.2.0.5.007. A locally authenticated user with high privileges may execute arbitrary commands on the Unity underlying OS with the vulnerable application’s pr...

7.2CVSS6.9AI score0.00444EPSS
CVE
CVE
added 2022/01/25 10:15 p.m.62 views

CVE-2021-36289

Dell VNX2 OE for File (versions ≤ 8.1.21.266) contains a local information-disclosure vulnerability. The underlying issue is an over-collection/export of data by the application, allowing a local attacker to read sensitive information. The affected component is the VNX2 OE for File software, with...

7.8CVSS7AI score0.00242EPSS
CVE
CVE
added 2018/04/30 8:0 p.m.60 views

CVE-2018-1183

CVE-2018-1183 is an XXE injection vulnerability affecting a broad set of Dell EMC products (Unisphere for VMAX, Solutions Enabler VMAs, VASA/VNX/VNXe OE, ViPR SRM, XtremIO, Unity OE, and related components) caused by the XML parser configuration that processes external entities. In affected versi...

9.8CVSS9.5AI score0.02112EPSS
CVE
CVE
added 2021/01/05 9:40 p.m.60 views

CVE-2020-29490

Dell EMC Unity, Unity XT, and UnityVSA (versions prior to 5.0.4.0.5.012) expose a Denial of Service vulnerability on NAS servers with NFS exports. The issue allows a remote authenticated attacker to trigger a Storage Processor Panic by sending specially crafted UDP requests. The connected CNVD/CV...

7.5CVSS6.2AI score0.01482EPSS
CVE
CVE
added 2021/07/12 3:40 p.m.59 views

CVE-2021-21591

CVE-2021-21591 affects Dell EMC Unity, Unity XT, and UnityVSA. The issue is a plain-text password storage vulnerability in versions prior to 5.1.0.0.5.394. A local high-privilege attacker could leverage an exposed password to access the system with the compromised user’s privileges. Exploitation ...

6.7CVSS6.6AI score0.00198EPSS
CVE
CVE
added 2021/01/05 9:40 p.m.57 views

CVE-2020-26199

Dell EMC Unity, Unity XT, and UnityVSA contain a plain-text password storage vulnerability in versions prior to 5.0.4.0.5.012. A local authenticated attacker with access to the log files can extract user credentials (including the Unisphere admin) and gain access with the compromised user’s privi...

6.7CVSS6.6AI score0.00261EPSS
CVE
CVE
added 2022/01/25 10:15 p.m.55 views

CVE-2021-36294

Dell VNX2 OE for File vulnerable versions: 8.1.21.266 and earlier. Root cause: authentication bypass by forging a cookie to login as arbitrary user. Impact: remote unauthenticated access with high risk (credentials/session compromise). Affected component: authentication mechanism in Dell VNX2 OE ...

9.8CVSS9.6AI score0.0156EPSS
CVE
CVE
added 2022/01/25 10:15 p.m.55 views

CVE-2021-36296

CVE-2021-36296 affects Dell VNX2 OE for File (versions ≤ 8.1.21.266). The vulnerability is an authenticated OS command injection/remote code execution in the VNX2 OS Command Handling, allowing a privileged, authenticated attacker to run commands on the affected system. The CVSSv3.1 base metrics i...

9CVSS7.4AI score0.02812EPSS
CVE
CVE
added 2019/07/18 3:47 p.m.54 views

CVE-2019-3741

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 store a password in plaintext inside the Unity Data Collection bundle (logs). A local authenticated attacker with access to this bundle can use the exposed password to gain access with the compromised user’s privileges. The documents do ...

7.8CVSS7.7AI score0.00336EPSS
CVE
CVE
added 2018/10/05 9:0 p.m.49 views

CVE-2018-11064

The CVE-2018-11064 entry applies to Dell EMC Unity OE (4.3.0.x, 4.3.1.x) and UnityVSA OE (4.3.0.x, 4.3.1.x). A local, authenticated attacker can exploit an Incorrect File Permissions flaw to alter multiple library files in the service tools, potentially enabling arbitrary code execution with elev...

7.8CVSS7.8AI score0.00392EPSS
CVE
CVE
added 2021/07/12 3:40 p.m.49 views

CVE-2021-21590

CVE-2021-21590 affects Dell EMC Unity, Unity XT, and UnityVSA (pre-5.1.0.0.5.394). The issue is a plain-text password storage vulnerability in the product’s local authentication data. A local, high-privilege attacker can use an exposed password to access the system with the compromised user’s pri...

6.7CVSS6.6AI score0.00198EPSS
CVE
CVE
added 2021/07/12 3:40 p.m.48 views

CVE-2021-21589

The CVE affects Dell EMC Unity, Unity XT, and UnityVSA prior to 5.1.0.0.5.394, where the system does not exit on failed Initialization. A local authenticated Service user could potentially escalate privileges, giving partial confidentiality/integrity/availability impact. Vulnerable component: ini...

6.7CVSS6.5AI score0.00193EPSS
CVE
CVE
added 2018/05/08 1:0 p.m.47 views

CVE-2018-1239

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit these vulnerabilities to execute arbitrary OS commands as root on the affected system. The provided...

9CVSS7.7AI score0.03386EPSS
CVE
CVE
added 2018/09/28 6:0 p.m.43 views

CVE-2018-1246

Dell EMC Unity and UnityVSA are affected by CVE-2018-1246, a reflected cross-site scripting vulnerability in Unisphere. An unauthenticated remote attacker could entice a user to submit malicious HTML/JavaScript to Unisphere, which is then reflected back and executed by the user’s browser. The vul...

6.1CVSS6.1AI score0.01121EPSS
CVE
CVE
added 2019/07/18 3:47 p.m.40 views

CVE-2019-3734

Dell EMC Unity and UnityVSA (before 5.0.0.0.5.116) contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially edit quota configurations for other users. The issue is rooted in authorization controls governing NAS...

5.4CVSS4.4AI score0.01055EPSS