Data Export Vulnerability in Dell PowerStore Software
CVE-2022-26867

5.9MEDIUM

Key Information:

Vendor: Dell
Status: Powerstore
Vendor: CVE Published:; 19 April 2022

Summary

Dell PowerStore Software version 2.1.1.0 is susceptible to an input validation vulnerability in its data export feature. When users export data to CSV or XLSX formats, the application does not properly validate or sanitize the exported data. This flaw permits an authenticated malicious user to inject payloads into the exported files, which may be executed as formulas in spreadsheet applications when the files are opened. Such actions can lead to unauthorized data manipulation and potentially expose sensitive information.

Affected Version(s)

PowerStore < unspecified

References

https://www.dell.com/support/kbdoc/000196367

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Mar 10, 2022