10 matches found
CVE-2021-21547
Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 expose Unisphere Administrator credentials in plain text when the Dell Upgrade Readiness Utility runs. The vulnerability is local: a high-privilege attacker could use the exposed password to access the system with the compromi...
CVE-2022-29085
CVE-2022-29085 affects Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173. The issue is a plain-text password storage vulnerability in which credentials of a high-privilege user are stored in plain text when certain off-array tools run on the system. A local high-privile...
CVE-2022-29084
Dell Unity family (Dell Unity, Dell UnityVSA, Dell Unity XT) versions before 5.2.0.0.5.173 are affected. The issue is that Unisphere GUI does not limit excessive authentication attempts, enabling a remote unauthenticated attacker to brute-force passwords and potentially take over accounts. Affect...
CVE-2022-29091
Summary: CVE-2022-29091 affects Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173. A Reflected Cross-Site Scripting vulnerability exists in the Unisphere GUI, enabling an unauthenticated remote attacker to trigger execution of malicious HTML/JavaScript in the victim’s brow...
CVE-2023-43067
Dell Unity prior to 5.3 contains an XML External Entity (XXE) vulnerability that could disclose local filesystem files via an XXE attack. Affected product: Dell Unity storage environments; affected version range is prior to 5.3. Root cause: XXE in XML parsing. Impact stated in sources includes ex...
CVE-2024-22229
Dell Unity prior to version 5.4 is affected by a vulnerability that allows an authenticated attacker to spoof log messages, enabling forging of entries, false alarms, and injection of content into logs, potentially compromising log integrity. The attacker can also prevent logging during malicious...
CVE-2023-43065
Dell Unity prior to version 5.3 contains a cross-site scripting (XSS) vulnerability that can be exploited by a low-privileged authenticated attacker to escalate privileges. Affected product: Dell Unity. Root cause and technical details are not fully disclosed in the provided documents, but multip...
CVE-2023-43066
Dell Unity CVE-2023-43066 affects versions prior to 5.3. This is a Restricted Shell Bypass vulnerability that enables an authenticated, local attacker to exploit by logging into the device CLI and issuing certain commands. Impact is described as high for confidentiality, integrity, and availabili...
CVE-2023-43082
Dell Unity prior to 5.3 is affected by a man-in-the-middle vulnerability in the vmadapter component. An attacker who obtains a CA-signed certificate from a trusted CA could spoof the vCenter CA, enabling potential credential or trust abuses. Affected product/version: Dell Unity prior to 5.3; vuln...
CVE-2023-43074
Dell Unity 5.3 is affected by an Arbitrary File Creation vulnerability. The root cause is a flaw that allows a remote unauthenticated attacker to craft arbitrary files via a request to the server, enabling potential file creation on the appliance. The issue is actionable with the information prov...