8 matches found
CVE-2022-34447
Dell PowerPath Management Appliance (VM and Docker containerized) affected: versions 3.0, 3.1, 3.2, 3.3. The issue is an OS Command Injection vulnerability that an authenticated remote attacker with administrative privileges could exploit to run commands as root on the system. Root cause details ...
CVE-2022-34452
PowerPath Management Appliance (Dell) versions 3.0–3.3 are affected by a sensitive information disclosure vulnerability that can be exploited by an authenticated admin to view sensitive information stored in logs. Root cause details are not provided in the documents, but remediation is available ...
CVE-2022-34450
The CVE-2022-34450 entry concerns Dell PowerPath Management Appliance version 3.3, where an authenticated admin can escalate privileges to root. The vulnerability is described as an elevation of privilege allowing unrestricted code execution on the system. Public sources in the provided set ident...
CVE-2022-34448
Dell PowerPath Management Appliance versions 3.0–3.3 are affected by a Cross-site Request Forgery vulnerability that can be exploited by an unauthenticated, non-privileged user to perform privileged state-changing actions. Affected component is the PowerPath host management application; root caus...
CVE-2022-34449
PowerPath Management Appliance (Dell) versions 3.3 and 3.2* are affected by a Hardcoded Cryptographic Keys vulnerability. The issue enables authenticated admin users to view and modify sensitive information stored in the application due to hardcoded keys. Documented impact includes exposure of co...
CVE-2022-34446
Dell PowerPath Management Appliance (VM/Docker) versions 3.2–3.3 are affected by an Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., Monitoring) can access sensitive data and modify configuration due to weak access control. Affected component: PowerP...
CVE-2021-43587
CVE-2021-43587 affects Dell PowerPath Management Appliance (versions 3.2, 3.1, 3.0 P01, 3.0, 2.6) where a hard-coded cryptographic key enables a locally authenticated, high-privileged attacker to access secrets and escalate privileges. Root cause: hard-coded key in the appliance. Impact: unauthor...
CVE-2022-34451
PowerPath Management Appliance (Dell) is affected by a Stored Cross‑site Scripting vulnerability. Affects versions 3.3, 3.2*, 3.1, and 3.0*; the issue is exploitable by an authenticated admin user who could hijack user sessions or induce a victim application user to issue arbitrary requests to th...