Authorization Bypass in Dell Unisphere for PowerMax and Related VApps
CVE-2022-34397

6.9MEDIUM

Key Information:

Vendor: Dell
Status: Unisphere For Powermax
Vendor: CVE Published:; 13 February 2023

What is CVE-2022-34397?

An authorization bypass vulnerability exists in Dell Unisphere for PowerMax, VASA Provider, and Solution Enabler versions up to 10.0.0.5. This flaw permits unauthorized users to execute actions that should be restricted, potentially leading to unauthorized access and manipulation of system resources. Organizations using these applications should review their security practices and update their systems to mitigate any risk associated with this vulnerability.

Affected Version(s)

Unisphere for PowerMax 0 < 10.0.0.5

References

https://www.dell.com/support/kbdoc/en-us/000207177/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2023
Vulnerability Reserved
Jun 23, 2022