DSA-2025-393: Security Update for Storage Center - Dell Storage Manager Vulnerabilities

Resumo: Dell Storage Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise of the affected system.

Este artigo aplica-se a Este artigo não se aplica a Este artigo não está vinculado a nenhum produto específico. Nem todas as versões do produto estão identificadas neste artigo.
Confira outros recursos

Impacto

Critical

Dados

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-43995

Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.

 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43994 Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-46425 Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-43995

Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.

 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43994 Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-46425 Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

A Dell Technologies recomenda que todos os clientes levem em consideração a pontuação base CVSS e as pontuações temporais e ambientais pertinentes que possam afetar a gravidade potencial associada a uma vulnerabilidade de segurança específica.

Produtos afetados e soluções

Product Affected Versions Remediated Versions Link
Dell Storage Manager Versions prior to 2020 R1.21 Version 2020 R1.22 or later https://www.dell.com/support/product-details/product/storage-sc2000/drivers

 

Product Affected Versions Remediated Versions Link
Dell Storage Manager Versions prior to 2020 R1.21 Version 2020 R1.22 or later https://www.dell.com/support/product-details/product/storage-sc2000/drivers

 

Histórico de revisão

RevisionDateDescription
1.02025-10-24Initial Release
2.02025-10-24Updated the Remediated version to 2020 R1.22 or later

 

Agradecimentos

CVE-2025-43994. CVE-2025-43995: Dell would like to thank Tenable for reporting the issue.

CVE-2025-46425: Dell would like to thank Ahmed Y. Elmogy for reporting this issue.

Informações relacionadas

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Aviso de isenção legal

Produtos afetados

Dell Storage Manager, Dell Storage SC100, Dell Storage SC120, Dell Storage SC180, Dell Storage SC400, Dell Storage SC420, Dell Storage SC420F, Dell Storage SC460, Dell Storage SC5020, Dell Storage SC5020F

Produtos

SC Series, SCv Series, Storage System Management, Dell Storage SC8000, Dell Storage SCv2000, Dell Storage SCv2020, Dell Storage SCv2080, Dell Storage SC7020, Dell Storage SC7020F, Dell Storage SC9000, Dell Storage SCv300, Dell Storage SCv3000 , Dell Storage SCv3020, Dell Storage SCv320, Dell Storage SCv360 ...
Propriedades do artigo
Número do artigo: 000382899
Tipo de artigo: Dell Security Advisory
Último modificado: 24 out. 2025
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.