Lucene search
K
DellUnityvsa Operating Environment

10 matches found

CVE
CVE
added 2021/04/30 9:10 p.m.76 views

CVE-2021-21547

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 expose Unisphere Administrator credentials in plain text when the Dell Upgrade Readiness Utility runs. The vulnerability is local: a high-privilege attacker could use the exposed password to access the system with the compromi...

6.7CVSS6.6AI score0.00143EPSS
CVE
CVE
added 2022/06/02 9:0 p.m.72 views

CVE-2022-29085

CVE-2022-29085 affects Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173. The issue is a plain-text password storage vulnerability in which credentials of a high-privilege user are stored in plain text when certain off-array tools run on the system. A local high-privile...

6.7CVSS6.6AI score0.00184EPSS
CVE
CVE
added 2022/06/02 9:0 p.m.71 views

CVE-2022-29084

Dell Unity family (Dell Unity, Dell UnityVSA, Dell Unity XT) versions before 5.2.0.0.5.173 are affected. The issue is that Unisphere GUI does not limit excessive authentication attempts, enabling a remote unauthenticated attacker to brute-force passwords and potentially take over accounts. Affect...

10CVSS9.6AI score0.01803EPSS
CVE
CVE
added 2022/05/26 3:20 p.m.70 views

CVE-2022-29091

Summary: CVE-2022-29091 affects Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173. A Reflected Cross-Site Scripting vulnerability exists in the Unisphere GUI, enabling an unauthenticated remote attacker to trigger execution of malicious HTML/JavaScript in the victim’s brow...

6.1CVSS6.2AI score0.00928EPSS
CVE
CVE
added 2023/10/23 3:5 p.m.62 views

CVE-2023-43067

Dell Unity prior to 5.3 contains an XML External Entity (XXE) vulnerability that could disclose local filesystem files via an XXE attack. Affected product: Dell Unity storage environments; affected version range is prior to 5.3. Root cause: XXE in XML parsing. Impact stated in sources includes ex...

6.5CVSS6.5AI score0.00442EPSS
CVE
CVE
added 2024/01/24 4:17 p.m.55 views

CVE-2024-22229

Dell Unity prior to version 5.4 is affected by a vulnerability that allows an authenticated attacker to spoof log messages, enabling forging of entries, false alarms, and injection of content into logs, potentially compromising log integrity. The attacker can also prevent logging during malicious...

4.3CVSS4.5AI score0.00298EPSS
CVE
CVE
added 2023/10/23 2:55 p.m.52 views

CVE-2023-43065

Dell Unity prior to version 5.3 contains a cross-site scripting (XSS) vulnerability that can be exploited by a low-privileged authenticated attacker to escalate privileges. Affected product: Dell Unity. Root cause and technical details are not fully disclosed in the provided documents, but multip...

5.5CVSS5.3AI score0.00288EPSS
CVE
CVE
added 2023/10/23 3:0 p.m.52 views

CVE-2023-43066

Dell Unity CVE-2023-43066 affects versions prior to 5.3. This is a Restricted Shell Bypass vulnerability that enables an authenticated, local attacker to exploit by logging into the device CLI and issuing certain commands. Impact is described as high for confidentiality, integrity, and availabili...

7.8CVSS7.4AI score0.00177EPSS
CVE
CVE
added 2023/11/22 4:16 p.m.50 views

CVE-2023-43082

Dell Unity prior to 5.3 is affected by a man-in-the-middle vulnerability in the vmadapter component. An attacker who obtains a CA-signed certificate from a trusted CA could spoof the vCenter CA, enabling potential credential or trust abuses. Affected product/version: Dell Unity prior to 5.3; vuln...

8.6CVSS5.6AI score0.00295EPSS
CVE
CVE
added 2023/10/23 2:50 p.m.46 views

CVE-2023-43074

Dell Unity 5.3 is affected by an Arbitrary File Creation vulnerability. The root cause is a flaw that allows a remote unauthenticated attacker to craft arbitrary files via a request to the server, enabling potential file creation on the appliance. The issue is actionable with the information prov...

7.5CVSS7.6AI score0.00471EPSS