DSA-2022-283: PowerPath Management Appliance Security Update for Multiple Security Vulnerabilities

Résumé: PowerPath Management Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

High

Détails

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34446 PowerPath Management Appliance with versions 3.3 and 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (such as, of role Monitoring) may potentially exploit this issue and gain access to sensitive information and modify the configuration. 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34447 PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains operating system Command Injection vulnerability. An authenticated remote attacker with administrative privileges may potentially exploit the issue and perform commands on the system as the root user. 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34448 PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated nonprivileged user may potentially exploit the issue and perform any privileged state-changing actions.  8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-34449 PowerPath Management Appliance with versions 3.3 and 3.2* contains a hard-coded Cryptographic Keys vulnerability. Authenticated admin users may potentially exploit the issue that leads to view and modifying sensitive information that is stored in the application. 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE-2022-34450 PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user may potentially exploit this issue and gain unrestricted control/code execution on the system as root. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34451 PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user may potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server. 4.8
 		 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
 
CVE-2022-34452 PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user may potentially be able to exploit the issue and view sensitive information that is stored in the logs. 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34446 PowerPath Management Appliance with versions 3.3 and 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (such as, of role Monitoring) may potentially exploit this issue and gain access to sensitive information and modify the configuration. 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34447 PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains operating system Command Injection vulnerability. An authenticated remote attacker with administrative privileges may potentially exploit the issue and perform commands on the system as the root user. 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34448 PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated nonprivileged user may potentially exploit the issue and perform any privileged state-changing actions.  8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-34449 PowerPath Management Appliance with versions 3.3 and 3.2* contains a hard-coded Cryptographic Keys vulnerability. Authenticated admin users may potentially exploit the issue that leads to view and modifying sensitive information that is stored in the application. 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE-2022-34450 PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user may potentially exploit this issue and gain unrestricted control/code execution on the system as root. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34451 PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user may potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server. 4.8
 		 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
 
CVE-2022-34452 PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user may potentially be able to exploit the issue and view sensitive information that is stored in the logs. 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

CVEs Addressed  Product Affected Versions Updated Versions Link to Update
CVE-2022-34447 PowerPath Management Appliance 3.3, 3.2*, 3.1 & 3.0* 3.4 https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
CVE-2022-34448
CVE-2022-34451
CVE-2022-34452
CVE-2022-34446 PowerPath Management Appliance 3.3 & 3.2* 3.4 https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
CVE-2022-34449
CVE-2022-34450 PowerPath Management Appliance    3.3   3.4 https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
 
CVEs Addressed  Product Affected Versions Updated Versions Link to Update
CVE-2022-34447 PowerPath Management Appliance 3.3, 3.2*, 3.1 & 3.0* 3.4 https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
CVE-2022-34448
CVE-2022-34451
CVE-2022-34452
CVE-2022-34446 PowerPath Management Appliance 3.3 & 3.2* 3.4 https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
CVE-2022-34449
CVE-2022-34450 PowerPath Management Appliance    3.3   3.4 https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers
 

Historique des révisions

RevisionDateDescription
1.02022-11-15Initial Release

Informations connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Mention légale

Produits concernés

PowerPath Management Appliance, Product Security Information
Propriétés de l’article
Numéro d’article: 000205404
Type d’article: Dell Security Advisory
Dernière modification: 19 Sep 2025
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.