DSA-2022-283: PowerPath Management Appliance Security Update for Multiple Security Vulnerabilities
Resumen: PowerPath Management Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
High
Detalles
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34446 | PowerPath Management Appliance with versions 3.3 and 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (such as, of role Monitoring) may potentially exploit this issue and gain access to sensitive information and modify the configuration. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34447 | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains operating system Command Injection vulnerability. An authenticated remote attacker with administrative privileges may potentially exploit the issue and perform commands on the system as the root user. | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34448 | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated nonprivileged user may potentially exploit the issue and perform any privileged state-changing actions. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE-2022-34449 | PowerPath Management Appliance with versions 3.3 and 3.2* contains a hard-coded Cryptographic Keys vulnerability. Authenticated admin users may potentially exploit the issue that leads to view and modifying sensitive information that is stored in the application. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
| CVE-2022-34450 | PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user may potentially exploit this issue and gain unrestricted control/code execution on the system as root. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34451 | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user may potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server. | 4.8 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| CVE-2022-34452 | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user may potentially be able to exploit the issue and view sensitive information that is stored in the logs. | 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34446 | PowerPath Management Appliance with versions 3.3 and 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (such as, of role Monitoring) may potentially exploit this issue and gain access to sensitive information and modify the configuration. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34447 | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains operating system Command Injection vulnerability. An authenticated remote attacker with administrative privileges may potentially exploit the issue and perform commands on the system as the root user. | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34448 | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated nonprivileged user may potentially exploit the issue and perform any privileged state-changing actions. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE-2022-34449 | PowerPath Management Appliance with versions 3.3 and 3.2* contains a hard-coded Cryptographic Keys vulnerability. Authenticated admin users may potentially exploit the issue that leads to view and modifying sensitive information that is stored in the application. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
| CVE-2022-34450 | PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user may potentially exploit this issue and gain unrestricted control/code execution on the system as root. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34451 | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user may potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server. | 4.8 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| CVE-2022-34452 | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1, and 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user may potentially be able to exploit the issue and view sensitive information that is stored in the logs. | 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
Corrección y productos afectados
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-34447 | PowerPath Management Appliance | 3.3, 3.2*, 3.1 & 3.0* | 3.4 | https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers |
| CVE-2022-34448 | ||||
| CVE-2022-34451 | ||||
| CVE-2022-34452 | ||||
| CVE-2022-34446 | PowerPath Management Appliance | 3.3 & 3.2* | 3.4 | https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers |
| CVE-2022-34449 | ||||
| CVE-2022-34450 | PowerPath Management Appliance | 3.3 | 3.4 | https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-34447 | PowerPath Management Appliance | 3.3, 3.2*, 3.1 & 3.0* | 3.4 | https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers |
| CVE-2022-34448 | ||||
| CVE-2022-34451 | ||||
| CVE-2022-34452 | ||||
| CVE-2022-34446 | PowerPath Management Appliance | 3.3 & 3.2* | 3.4 | https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers |
| CVE-2022-34449 | ||||
| CVE-2022-34450 | PowerPath Management Appliance | 3.3 | 3.4 | https://www.dell.com/support/home/en-us/product-support/product/powerpath-management-appliance/drivers |
Historial de revisiones
| Revision | Date | Description |
| 1.0 | 2022-11-15 | Initial Release |
Información relacionada
Descargo de responsabilidad
Productos afectados
PowerPath Management Appliance, Product Security InformationPropiedades del artículo
Número del artículo: 000205404
Tipo de artículo: Dell Security Advisory
Última modificación: 19 sept 2025
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.