Article Number: 000207177
High
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String | |
CVE-2022-45104 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solutions Enabler vApp version 9.2.3.x contains an Improper Input Validation in vApp Manager’s Download Logs feature. A low privileged remote attacker may potentially exploit this vulnerability, leading to obtaining Remote Code Execution on the underlying system. | 8.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | |
CVE-2022-34397 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solutions Enabler vApp version 10.0.0.2 and earlier contains an authorization bypass vulnerability, allowing users to perform actions for which they are not authorized. | 6.9 | CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N | |
CVE-2022-45103 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solutions Enabler vApp version 9.2.3.x contains an Improper Input Validation in vApp Manager’s Download Logs feature. A low privileged remote attacker may potentially exploit this vulnerability, allowing an authenticated user to read arbitrary files on the underlying file system. | 5.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N | |
CVE-2022-34363 | Dell Unisphere for PowerMax vApp versions prior to 10.0.0.2 contain an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Third-party Component | CVEs | More information |
Apache Commons Text | CVE-2022-42889 | https://nvd.nist.gov/vuln/detail/CVE-2022-42889 |
Apache Commons Configuration | CVE-2022-33980 | https://nvd.nist.gov/vuln/detail/CVE-2022-33980 |
Oxygen XML WebHelp | CVE-2021-46827 | https://nvd.nist.gov/vuln/detail/CVE-2021-46827 |
SLES 12 SP5 (9.2.3) | ||
SLES 15 SP3 | See SUSE Update Advisories. | |
Oracle | CVE-2022-32215, CVE-2022-21634, CVE-2022-21597, CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-39399, CVE-2022-21624, CVE-2022-21619 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
Windows 10 | CVE-2022-38041, CVE-2022-38040, CVE-2022-38045, CVE-2022-37995, CVE-2022-38022, CVE-2022-38028, CVE-2022-34689, CVE-2022-38026, CVE-2022-37986, CVE-2022-33645, CVE-2022-30198, CVE-2022-38043, CVE-2022-37987, CVE-2022-38021, CVE-2022-37984, CVE-2022-33635, CVE-2022-33634, CVE-2022-35770, CVE-2022-37975, CVE-2022-37994, CVE-2022-37965, CVE-2022-24504, CVE-2022-37997, CVE-2022-38042, CVE-2022-37993, CVE-2022-37991, CVE-2022-37990, CVE-2022-38038, CVE-2022-37989, CVE-2022-38037, CVE-2022-37988, CVE-2022-38033, CVE-2022-38032, CVE-2022-38031, CVE-2022-37982, CVE-2022-38029, CVE-2022-37977, CVE-2022-38034, CVE-2022-37978, CVE-2022-37970, CVE-2022-37983, CVE-2022-38016, CVE-2022-38030, CVE-2022-38039, CVE-2022-41081, CVE-2022-41033, CVE-2022-37981, CVE-2022-38003, CVE-2022-38051, CVE-2022-38050, CVE-2022-38000, CVE-2022-37996, CVE-2022-38027, CVE-2022-38044, CVE-2022-37999, CVE-2022-38047, CVE-2022-35803, CVE-2022-38006, CVE-2022-37958, CVE-2022-38005, CVE-2022-37957, CVE-2022-38004, CVE-2022-37956, CVE-2022-37955, CVE-2022-37954, CVE-2022-34734, CVE-2022-34733, CVE-2022-34732, CVE-2022-34731, CVE-2022-34730, CVE-2022-34729, CVE-2022-34728, CVE-2022-34727, CVE-2022-34726, CVE-2022-34725, CVE-2022-34722, CVE-2022-34721, CVE-2022-34720, CVE-2022-34719, CVE-2022-34718, CVE-2022-35841, CVE-2022-35840, CVE-2022-35837, CVE-2022-35836, CVE-2022-35835, CVE-2022-35834, CVE-2022-35833, CVE-2022-35832, CVE-2022-35831, CVE-2022-30200, CVE-2022-30196, CVE-2022-30170, CVE-2022-26928, CVE-2022-37969, CVE-2022-35822, CVE-2022-34711, CVE-2022-35771, CVE-2022-35794, CVE-2022-35766, CVE-2022-35765, CVE-2022-35764, CVE-2022-35760, CVE-2022-35754, CVE-2022-35820, CVE-2022-35768, CVE-2022-35767, CVE-2022-35769, CVE-2022-33670, CVE-2022-35793, CVE-2022-35757, CVE-2022-35797, CVE-2022-35763, CVE-2022-34703, CVE-2022-35795, CVE-2022-35792, CVE-2022-35762, CVE-2022-35761, CVE-2022-35759, CVE-2022-35758, CVE-2022-35756, CVE-2022-35755, CVE-2022-35753, CVE-2022-35752, CVE-2022-35750,
CVE-2022-35749, CVE-2022-35747, CVE-2022-35746, CVE-2022-35745, CVE-2022-35744, CVE-2022-35743, CVE-2022-34714, CVE-2022-34713, CVE-2022-34710, CVE-2022-34709, CVE-2022-34708, CVE-2022-34707, CVE-2022-34706, CVE-2022-34705, CVE-2022-34704, CVE-2022-34702, CVE-2022-34701, CVE-2022-34699, CVE-2022-34691, CVE-2022-34690, CVE-2022-34302, CVE-2022-30194, CVE-2022-30144, CVE-2022-30133, CVE-2022-30197, CVE-2022-34301, CVE-2022-34303, CVE-2022-22035, CVE-2022-37985 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
CVE-2022-45103, CVE-2022-45104: Dell Technologies would like to thank Antoine Carrincazeaux of Synacktiv for reporting these issues.
Revision | Date | Description |
1.0 | 2023-01-04 | Initial Version |
2.0 | 2023-01-10 | Minor Update to Acknowledgements |
3.0 | 2023-03-02 | Update Proprietary Code CVE |
4.0 | 2023-12-01 | formatting changes with content update. |
PowerMax, PowerMax, PowerMax 2000, PowerMax 2500, PowerMax 8000, PowerMax 8500, PowerMax Engine, PowerMaxOS 10, PowerMaxOS 5978, Product Security Information, Unisphere for PowerMax
08 Feb 2024
Dell Security Advisory