10 matches found
CVE-2025-22478
Dell Storage Center / Dell Storage Manager version 20.1.20 is affected by an XML External Entity (XXE) vulnerability caused by improper restriction of external entity references in XML processing. An unauthenticated attacker with adjacent network access could trigger information disclosure and da...
CVE-2025-23379
The provided records identify CVE-2025-23379 affecting Dell Storage Center (Dell Storage Manager) version 21.0.20, with a vulnerability described as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting). An unauthenticated attacker with adjacent network access coul...
CVE-2025-22477
Dell Storage Center (Dell Storage Manager) version 20.1.20 is affected by an Improper Authentication vulnerability that enables Elevation of Privileges when an unauthenticated, adjacent-network attacker accesses the system. The connected PT-2025-19885 entry reinforces this and provides a remediat...
CVE-2025-22476
Dell Storage Center (Dell Storage Manager) 20.1.20 is affected by a Command Injection vulnerability (Improper Neutralization of Special Elements in commands). A low-privileged attacker with adjacent network access could potentially achieve remote code execution. The PT-2025-19884 document confirm...
CVE-2017-14384
Dell Storage Manager (pre-16.3.20) is affected by a directory traversal in the EMConfigMigration servlet/service. The flaw arises from insufficient input validation, allowing remote attackers to read unauthorized files by supplying crafted input parameters (no file deletion/modification). ZDI not...
CVE-2025-22479
Summary: CVE-2025-22479 affects Dell Storage Center / Dell Storage Manager, version 20.0.21. The root cause is an improper limitation of a pathname to a restricted directory, i.e., a path traversal that could allow an unauthenticated, adjacent-network attacker to inject scripts. The public docume...
CVE-2017-14374
Dell Storage Manager before 16.3.20 (2016 R3.20) stores a hard-coded password for the SMI-S service. A remote attacker who knows the credential could disable the SMI-S service via HTTP requests, impacting storage management and monitoring through the SMI-S interface. Affected platform is Windows ...
CVE-2025-43994
Dell Storage Center (Dell Storage Manager DSM 20.1.21) contains a Missing Authentication for a Critical Function vulnerability. An unauthenticated, remote attacker could potentially disclose information due to a missing authentication mechanism in a critical function. The impact is primarily info...
CVE-2025-46425
The CVE-2025-46425 entry concerns Dell Storage Manager (Dell Storage Center) with version 20.1.20, where an XML External Entity (XXE) vulnerability arises from improper restriction of external entities. Root cause: XML processing flaw in the affected component allows a low-privilege, remote attac...
CVE-2025-43995
Dell Storage Manager (Storage Center) 20.1.21 contains an improper authentication vulnerability that could let an unauthenticated attacker remotely bypass protections and access APIs exposed by ApiProxy.war in DataCollectorEar.ear via a crafted SessionKey and UserId (special users in compellentse...