Information Disclosure Vulnerability in Dell Unisphere for PowerMax and VASA Provider
CVE-2022-45103

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Unisphere For Powermax Vapp
Vendor: CVE Published:; 18 January 2023

Summary

Dell Unisphere for PowerMax, VASA Provider, and Solution Enabler vApps version 9.2.3.x are affected by an information disclosure vulnerability. This flaw allows a low-privileged remote attacker to potentially exploit the system, enabling unauthorized access to read arbitrary files within the underlying file system. Mitigating this vulnerability is essential to safeguarding sensitive information and maintaining the integrity of the affected systems.

Affected Version(s)

Unisphere for PowerMax vApp 9.2.3.x

References

https://www.dell.com/support/kbdoc/en-us/000207177/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Nov 9, 2022