Search criteria
37 vulnerabilities found for powerstoreos by dell
FKIE_CVE-2025-36572
Vulnerability from fkie_nvd - Published: 2025-05-28 17:15 - Updated: 2025-06-09 18:58
Severity ?
Summary
Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | powerstoreos | * | |
| dell | powerstore_1000t | - | |
| dell | powerstore_1200t | - | |
| dell | powerstore_3000t | - | |
| dell | powerstore_3200q | - | |
| dell | powerstore_3200t | - | |
| dell | powerstore_5000t | - | |
| dell | powerstore_500t | - | |
| dell | powerstore_5200t | - | |
| dell | powerstore_7000t | - | |
| dell | powerstore_9000t | - | |
| dell | powerstore_9200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB8A1DE-3010-4498-A606-72A916B45DB5",
"versionEndExcluding": "4.0.1.3-2494147",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:powerstore_1000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5BE2B0-BB56-4E6C-8818-26910B23CE31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB965674-7EBA-437E-A13B-39BC3F3FE139",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_3000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "861B5BE7-159A-41FF-9658-D243051CAC88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_3200q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8456D5B0-3D6A-4020-B693-D949EE2BA12E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_3200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A29ED1-5CE6-4D49-A079-7F4E6D782DE1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_5000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5EE934-AD08-4C2B-B3EA-878975EE825E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_500t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B529671-71A1-428C-BC17-C8E002222FEA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_5200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FCFFD4-A989-4AF3-99DF-32AE2547D9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_7000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37E8CD6E-65F4-48A0-B796-93E4EE51BD06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_9000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB1B88-C9C0-4B08-84C6-279C79E34CD3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_9200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F90EFCBC-F720-4426-8043-EB1489820C22",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account\u0027s privileges."
},
{
"lang": "es",
"value": "Dell PowerStore, versi\u00f3n 4.0.0.0, contiene una vulnerabilidad de uso de credenciales codificadas en el archivo de imagen de PowerStore. Un atacante con pocos privilegios y acceso remoto, conociendo las credenciales codificadas, podr\u00eda explotar esta vulnerabilidad para obtener acceso no autorizado bas\u00e1ndose en los privilegios de la cuenta codificada."
}
],
"id": "CVE-2025-36572",
"lastModified": "2025-06-09T18:58:23.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
}
]
},
"published": "2025-05-28T17:15:24.093",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000325205/dsa-2025-223-dell-powerstore-t-security-update-for-multiple-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-51532
Vulnerability from fkie_nvd - Published: 2024-12-19 02:15 - Updated: 2025-01-29 21:06
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | powerstoreos | * | |
| dell | powerstore_1000t | - | |
| dell | powerstore_1200t | - | |
| dell | powerstore_3000t | - | |
| dell | powerstore_3200q | - | |
| dell | powerstore_3200t | - | |
| dell | powerstore_5000t | - | |
| dell | powerstore_500t | - | |
| dell | powerstore_5200t | - | |
| dell | powerstore_7000t | - | |
| dell | powerstore_9000t | - | |
| dell | powerstore_9200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94A4F07D-9D88-4802-B126-658FEA21F558",
"versionEndExcluding": "4.0.1.0-2408234",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:powerstore_1000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5BE2B0-BB56-4E6C-8818-26910B23CE31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB965674-7EBA-437E-A13B-39BC3F3FE139",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_3000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "861B5BE7-159A-41FF-9658-D243051CAC88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_3200q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8456D5B0-3D6A-4020-B693-D949EE2BA12E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_3200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A29ED1-5CE6-4D49-A079-7F4E6D782DE1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_5000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5EE934-AD08-4C2B-B3EA-878975EE825E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_500t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B529671-71A1-428C-BC17-C8E002222FEA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_5200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FCFFD4-A989-4AF3-99DF-32AE2547D9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_7000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37E8CD6E-65F4-48A0-B796-93E4EE51BD06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_9000t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB1B88-C9C0-4B08-84C6-279C79E34CD3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_9200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F90EFCBC-F720-4426-8043-EB1489820C22",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files."
},
{
"lang": "es",
"value": "Dell PowerStore contiene una vulnerabilidad de neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (\u0027inyecci\u00f3n de argumentos\u0027). Un atacante con poco nivel de privilegios y acceso local podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la modificaci\u00f3n de archivos arbitrarios del sistema."
}
],
"id": "CVE-2024-51532",
"lastModified": "2025-01-29T21:06:51.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-19T02:15:23.000",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-ie/000250483/dsa-2024-462-dell-powerstore-t-security-update-for-multiple-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-32478
Vulnerability from fkie_nvd - Published: 2023-07-21 06:15 - Updated: 2024-11-21 08:03
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | powerstoreos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A18C8D10-9C41-4CA7-AC51-FCD6AE9D191B",
"versionEndExcluding": "3.5.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.\n\n"
}
],
"id": "CVE-2023-32478",
"lastModified": "2024-11-21T08:03:26.307",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-21T06:15:09.910",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-26870
Vulnerability from fkie_nvd - Published: 2022-10-21 18:15 - Updated: 2024-11-21 06:54
Severity ?
7.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000196367 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000196367 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | powerstoreos | 2.1.0.0 | |
| dell | powerstoreos | 2.1.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:2.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D654464C-49A7-4C9F-A7A8-9523FC5F8A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:powerstoreos:2.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A138E8-C23C-4937-8033-78B8712516D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit."
},
{
"lang": "es",
"value": "Dell PowerStore versiones 2.1.0.x, contienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad bajo una configuraci\u00f3n espec\u00edfica. Un atacante obtendr\u00eda acceso no autorizado si la explotaci\u00f3n tuviera \u00e9xito"
}
],
"id": "CVE-2022-26870",
"lastModified": "2024-11-21T06:54:43.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-21T18:15:09.767",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26867
Vulnerability from fkie_nvd - Published: 2022-06-02 21:15 - Updated: 2024-11-21 06:54
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | powerstoreos | * | |
| dell | powerstore_t | - | |
| dell | powerstore_x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDFA4223-64FF-436B-9F3E-94A5787F1193",
"versionEndExcluding": "2.1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68266E9E-493B-4481-937A-70CD0A7C353D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB6F8F1-8856-47B8-93BD-2D3F5164ED9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file."
},
{
"lang": "es",
"value": "PowerStore SW v2.1.1.0 soporta la opci\u00f3n de exportar datos a un archivo CSV o XLSX. Los datos se toman tal cual, sin ning\u00fan tipo de comprobaci\u00f3n o saneo. Esto permite a un usuario malicioso y autenticado inyectar cargas \u00fatiles que pueden ser interpretadas como f\u00f3rmulas por la aplicaci\u00f3n de hoja de c\u00e1lculo correspondiente que es usada para abrir el archivo CSV/XLSX"
}
],
"id": "CVE-2022-26867",
"lastModified": "2024-11-21T06:54:42.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T21:15:07.667",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26866
Vulnerability from fkie_nvd - Published: 2022-06-02 21:15 - Updated: 2024-11-21 06:54
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Summary
Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | powerstoreos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDFA4223-64FF-436B-9F3E-94A5787F1193",
"versionEndExcluding": "2.1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery."
},
{
"lang": "es",
"value": "Dell PowerStore versiones anteriores a v2.1.1.0. contienen una vulnerabilidad de tipo Cross-Site Scripting almacenado. Un atacante de red con altos privilegios podr\u00eda explotar esta vulnerabilidad, conllevando al almacenamiento de c\u00f3digos HTML o JavaScript maliciosos en un almac\u00e9n de datos de la aplicaci\u00f3n confiable. Cuando un usuario v\u00edctima accede al almac\u00e9n de datos mediante su navegador, el c\u00f3digo malicioso es ejecutado por el navegador web en el contexto de la aplicaci\u00f3n web vulnerable. La explotaci\u00f3n puede conllevar a una divulgaci\u00f3n de informaci\u00f3n, el robo de sesiones o un ataque de tipo client-side request forgery"
}
],
"id": "CVE-2022-26866",
"lastModified": "2024-11-21T06:54:42.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T21:15:07.613",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26868
Vulnerability from fkie_nvd - Published: 2022-06-02 21:15 - Updated: 2024-11-21 06:54
Severity ?
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | powerstoreos | * | |
| dell | powerstore_t | - | |
| dell | powerstore_x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84872DDA-0E67-4DB0-AB9E-5FFB2392EC5F",
"versionEndExcluding": "2.1.1.0",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68266E9E-493B-4481-937A-70CD0A7C353D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB6F8F1-8856-47B8-93BD-2D3F5164ED9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker."
},
{
"lang": "es",
"value": "Dell EMC PowerStore versiones 2.0.0.x, 2.0.1.x y 2.1.0.x de Dell EMC PowerStore son vulnerables a un fallo de inyecci\u00f3n de comandos. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, conllevando a una ejecuci\u00f3n de comandos arbitrarios en el Sistema Operativo subyacente de la aplicaci\u00f3n, con los privilegios de la aplicaci\u00f3n vulnerable. La explotaci\u00f3n puede conllevar a una toma de control del sistema por parte de un atacante"
}
],
"id": "CVE-2022-26868",
"lastModified": "2024-11-21T06:54:42.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T21:15:07.723",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26869
Vulnerability from fkie_nvd - Published: 2022-06-02 21:15 - Updated: 2024-11-21 06:54
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | powerstoreos | * | |
| dell | powerstore_t | - | |
| dell | powerstore_x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84872DDA-0E67-4DB0-AB9E-5FFB2392EC5F",
"versionEndExcluding": "2.1.1.0",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68266E9E-493B-4481-937A-70CD0A7C353D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB6F8F1-8856-47B8-93BD-2D3F5164ED9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution."
},
{
"lang": "es",
"value": "Dell PowerStore versiones 2.0.0.x, 2.0.1.x y 2.1.0.x, contienen una vulnerabilidad de puerto abierto. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, conllevando a una divulgaci\u00f3n de informaci\u00f3n y la ejecuci\u00f3n de c\u00f3digo arbitrario"
}
],
"id": "CVE-2022-26869",
"lastModified": "2024-11-21T06:54:42.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T21:15:07.773",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22556
Vulnerability from fkie_nvd - Published: 2022-06-02 21:15 - Updated: 2024-11-21 06:47
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | powerstoreos | * | |
| dell | powerstore_t | - | |
| dell | powerstoreos | * | |
| dell | powerstore_x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95984D68-007E-42EA-A056-20D65D022857",
"versionEndExcluding": "2.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68266E9E-493B-4481-937A-70CD0A7C353D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDFA4223-64FF-436B-9F3E-94A5787F1193",
"versionEndExcluding": "2.1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB6F8F1-8856-47B8-93BD-2D3F5164ED9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service."
},
{
"lang": "es",
"value": "Dell PowerStore contiene una vulnerabilidad de consumo no controlado de recursos en la interfaz de usuario de PowerStore. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, conllevando a una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-22556",
"lastModified": "2024-11-21T06:47:01.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T21:15:07.497",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22557
Vulnerability from fkie_nvd - Published: 2022-06-02 21:15 - Updated: 2024-11-21 06:47
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000196367 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | powerstoreos | * | |
| dell | powerstore_t | - | |
| dell | powerstoreos | * | |
| dell | powerstore_x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C43D89-8789-4516-95D3-F1616BDE803B",
"versionEndExcluding": "2.1.0.0",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68266E9E-493B-4481-937A-70CD0A7C353D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84872DDA-0E67-4DB0-AB9E-5FFB2392EC5F",
"versionEndExcluding": "2.1.1.0",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB6F8F1-8856-47B8-93BD-2D3F5164ED9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X \u0026 T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."
},
{
"lang": "es",
"value": "PowerStore contiene una vulnerabilidad de almacenamiento de contrase\u00f1as en texto plano en entornos PowerStore X \u0026amp; T ejecutando las versiones 2.0.0.x y 2.0.1.x Un atacante autenticado localmente podr\u00eda explotar esta vulnerabilidad, conllevando a una divulgaci\u00f3n de determinadas credenciales de usuario. El atacante podr\u00eda usar las credenciales expuestas para acceder a la aplicaci\u00f3n vulnerable con los privilegios de la cuenta comprometida"
}
],
"id": "CVE-2022-22557",
"lastModified": "2024-11-21T06:47:01.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T21:15:07.557",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-256"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-36572 (GCVE-0-2025-36572)
Vulnerability from cvelistv5 – Published: 2025-05-28 16:14 – Updated: 2025-05-28 16:26
VLAI?
Summary
Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges.
Severity ?
6.5 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
N/A , < 4.0.1.3-2494147
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T16:26:23.374062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T16:26:34.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.0.1.3-2494147",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-05-27T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account\u0027s privileges.\u003cbr\u003e"
}
],
"value": "Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account\u0027s privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T16:14:20.913Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000325205/dsa-2025-223-dell-powerstore-t-security-update-for-multiple-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-36572",
"datePublished": "2025-05-28T16:14:20.913Z",
"dateReserved": "2025-04-15T21:29:33.585Z",
"dateUpdated": "2025-05-28T16:26:34.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51532 (GCVE-0-2024-51532)
Vulnerability from cvelistv5 – Published: 2024-12-19 01:40 – Updated: 2024-12-24 00:40
VLAI?
Summary
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
Severity ?
7.1 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
N/A , < 4.0.1.0-2408234
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:31:33.513216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:40:48.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.0.1.0-2408234",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-12-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files."
}
],
"value": "Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T01:40:17.525Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-ie/000250483/dsa-2024-462-dell-powerstore-t-security-update-for-multiple-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-51532",
"datePublished": "2024-12-19T01:40:17.525Z",
"dateReserved": "2024-10-29T05:03:58.392Z",
"dateUpdated": "2024-12-24T00:40:48.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32478 (GCVE-0-2023-32478)
Vulnerability from cvelistv5 – Published: 2023-07-21 05:34 – Updated: 2024-10-21 13:06
VLAI?
Summary
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.
Severity ?
9 (Critical)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
Versions prior to 3.5.0.1-2083289
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:36.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:03:37.553606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:06:57.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Versions prior to 3.5.0.1-2083289"
}
]
}
],
"datePublic": "2023-06-20T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.\u003c/span\u003e\n\n"
}
],
"value": "\nDell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T05:34:24.728Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32478",
"datePublished": "2023-07-21T05:34:24.728Z",
"dateReserved": "2023-05-09T06:09:57.041Z",
"dateUpdated": "2024-10-21T13:06:57.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26870 (GCVE-0-2022-26870)
Vulnerability from cvelistv5 – Published: 2022-10-21 18:05 – Updated: 2025-05-07 15:54
VLAI?
Summary
Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.
Severity ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
unspecified , < 2.1.x
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:38.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T15:54:29.803590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T15:54:42.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.1.x",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-21T00:00:00.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"url": "https://www.dell.com/support/kbdoc/000196367"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-26870",
"datePublished": "2022-10-21T18:05:25.181Z",
"dateReserved": "2022-03-10T00:00:00.000Z",
"dateUpdated": "2025-05-07T15:54:42.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26869 (GCVE-0-2022-26869)
Vulnerability from cvelistv5 – Published: 2022-06-02 21:00 – Updated: 2024-09-16 18:14
VLAI?
Summary
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.
Severity ?
9.8 (Critical)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
unspecified , < 2.0.0.x, 2.0.1.x, and 2.1.0.x
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:37.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0.x, 2.0.1.x, and 2.1.0.x",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T21:00:28",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-04-19",
"ID": "CVE-2022-26869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerStore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0.0.x, 2.0.1.x, and 2.1.0.x"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000196367",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000196367"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-26869",
"datePublished": "2022-06-02T21:00:28.124591Z",
"dateReserved": "2022-03-10T00:00:00",
"dateUpdated": "2024-09-16T18:14:38.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26868 (GCVE-0-2022-26868)
Vulnerability from cvelistv5 – Published: 2022-06-02 21:00 – Updated: 2024-09-17 04:25
VLAI?
Summary
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.
Severity ?
6.4 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
unspecified , < PowerStore SW v2.1.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:38.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "PowerStore SW v2.1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T21:00:26",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-04-19",
"ID": "CVE-2022-26868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerStore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "PowerStore SW v2.1.1.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.4,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000196367",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000196367"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-26868",
"datePublished": "2022-06-02T21:00:26.788234Z",
"dateReserved": "2022-03-10T00:00:00",
"dateUpdated": "2024-09-17T04:25:11.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26867 (GCVE-0-2022-26867)
Vulnerability from cvelistv5 – Published: 2022-06-02 21:00 – Updated: 2024-09-16 17:03
VLAI?
Summary
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.
Severity ?
5.9 (Medium)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
unspecified , < PowerStore SW v2.1.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:38.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "PowerStore SW v2.1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T21:00:25",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-04-19",
"ID": "CVE-2022-26867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerStore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "PowerStore SW v2.1.1.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.9,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000196367",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000196367"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-26867",
"datePublished": "2022-06-02T21:00:25.273503Z",
"dateReserved": "2022-03-10T00:00:00",
"dateUpdated": "2024-09-16T17:03:58.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36572 (GCVE-0-2025-36572)
Vulnerability from nvd – Published: 2025-05-28 16:14 – Updated: 2025-05-28 16:26
VLAI?
Summary
Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges.
Severity ?
6.5 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
N/A , < 4.0.1.3-2494147
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T16:26:23.374062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T16:26:34.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.0.1.3-2494147",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-05-27T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account\u0027s privileges.\u003cbr\u003e"
}
],
"value": "Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account\u0027s privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T16:14:20.913Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000325205/dsa-2025-223-dell-powerstore-t-security-update-for-multiple-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-36572",
"datePublished": "2025-05-28T16:14:20.913Z",
"dateReserved": "2025-04-15T21:29:33.585Z",
"dateUpdated": "2025-05-28T16:26:34.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51532 (GCVE-0-2024-51532)
Vulnerability from nvd – Published: 2024-12-19 01:40 – Updated: 2024-12-24 00:40
VLAI?
Summary
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
Severity ?
7.1 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
N/A , < 4.0.1.0-2408234
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:31:33.513216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:40:48.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.0.1.0-2408234",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-12-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files."
}
],
"value": "Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T01:40:17.525Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-ie/000250483/dsa-2024-462-dell-powerstore-t-security-update-for-multiple-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-51532",
"datePublished": "2024-12-19T01:40:17.525Z",
"dateReserved": "2024-10-29T05:03:58.392Z",
"dateUpdated": "2024-12-24T00:40:48.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32478 (GCVE-0-2023-32478)
Vulnerability from nvd – Published: 2023-07-21 05:34 – Updated: 2024-10-21 13:06
VLAI?
Summary
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.
Severity ?
9 (Critical)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
Versions prior to 3.5.0.1-2083289
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:36.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:03:37.553606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:06:57.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Versions prior to 3.5.0.1-2083289"
}
]
}
],
"datePublic": "2023-06-20T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.\u003c/span\u003e\n\n"
}
],
"value": "\nDell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T05:34:24.728Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32478",
"datePublished": "2023-07-21T05:34:24.728Z",
"dateReserved": "2023-05-09T06:09:57.041Z",
"dateUpdated": "2024-10-21T13:06:57.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26870 (GCVE-0-2022-26870)
Vulnerability from nvd – Published: 2022-10-21 18:05 – Updated: 2025-05-07 15:54
VLAI?
Summary
Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.
Severity ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
unspecified , < 2.1.x
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:38.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T15:54:29.803590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T15:54:42.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.1.x",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-21T00:00:00.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"url": "https://www.dell.com/support/kbdoc/000196367"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-26870",
"datePublished": "2022-10-21T18:05:25.181Z",
"dateReserved": "2022-03-10T00:00:00.000Z",
"dateUpdated": "2025-05-07T15:54:42.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26869 (GCVE-0-2022-26869)
Vulnerability from nvd – Published: 2022-06-02 21:00 – Updated: 2024-09-16 18:14
VLAI?
Summary
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.
Severity ?
9.8 (Critical)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
unspecified , < 2.0.0.x, 2.0.1.x, and 2.1.0.x
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:37.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0.x, 2.0.1.x, and 2.1.0.x",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T21:00:28",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-04-19",
"ID": "CVE-2022-26869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerStore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0.0.x, 2.0.1.x, and 2.1.0.x"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000196367",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000196367"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-26869",
"datePublished": "2022-06-02T21:00:28.124591Z",
"dateReserved": "2022-03-10T00:00:00",
"dateUpdated": "2024-09-16T18:14:38.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26868 (GCVE-0-2022-26868)
Vulnerability from nvd – Published: 2022-06-02 21:00 – Updated: 2024-09-17 04:25
VLAI?
Summary
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.
Severity ?
6.4 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerStore |
Affected:
unspecified , < PowerStore SW v2.1.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:38.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerStore",
"vendor": "Dell",
"versions": [
{
"lessThan": "PowerStore SW v2.1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T21:00:26",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000196367"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-04-19",
"ID": "CVE-2022-26868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerStore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "PowerStore SW v2.1.1.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.4,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000196367",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000196367"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-26868",
"datePublished": "2022-06-02T21:00:26.788234Z",
"dateReserved": "2022-03-10T00:00:00",
"dateUpdated": "2024-09-17T04:25:11.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202206-0057
Vulnerability from variot - Updated: 2024-02-13 01:55PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell's powerstoreos There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads.
An authorization issue vulnerability exists in Dell PowerStore, which can be exploited by attackers to leak certain user credentials
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerstoreos",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "2.0.0.0"
},
{
"model": "powerstoreos",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.0.0"
},
{
"model": "powerstoreos",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.1.0"
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.0.0.0 that\u0027s all 2.1.0.0"
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.0.0.0 that\u0027s all 2.1.1.0"
},
{
"model": "powerstoreos",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstore",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.0.0.*"
},
{
"model": "powerstore",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.0.1.*"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010919"
},
{
"db": "NVD",
"id": "CVE-2022-22557"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.0.0",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.1.0",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22557"
}
]
},
"cve": "CVE-2022-22557",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2022-22557",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-83208",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-22557",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-22557",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-22557",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-83208",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-416",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-22557",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83208"
},
{
"db": "VULMON",
"id": "CVE-2022-22557"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010919"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-416"
},
{
"db": "NVD",
"id": "CVE-2022-22557"
},
{
"db": "NVD",
"id": "CVE-2022-22557"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X \u0026 T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell\u0027s powerstoreos There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads. \n\r\n\r\nAn authorization issue vulnerability exists in Dell PowerStore, which can be exploited by attackers to leak certain user credentials",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22557"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010919"
},
{
"db": "CNVD",
"id": "CNVD-2022-83208"
},
{
"db": "VULMON",
"id": "CVE-2022-22557"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22557",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010919",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-83208",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-416",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-22557",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83208"
},
{
"db": "VULMON",
"id": "CVE-2022-22557"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010919"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-416"
},
{
"db": "NVD",
"id": "CVE-2022-22557"
}
]
},
"id": "VAR-202206-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83208"
}
],
"trust": 1.37272725
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83208"
}
]
},
"last_update_date": "2024-02-13T01:55:24.316000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell PowerStore Authorization Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/362271"
},
{
"title": "Dell EMC PowerStore Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=195970"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-rce "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83208"
},
{
"db": "VULMON",
"id": "CVE-2022-22557"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-416"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010919"
},
{
"db": "NVD",
"id": "CVE-2022-22557"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22557"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22557/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83208"
},
{
"db": "VULMON",
"id": "CVE-2022-22557"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010919"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-416"
},
{
"db": "NVD",
"id": "CVE-2022-22557"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-83208"
},
{
"db": "VULMON",
"id": "CVE-2022-22557"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010919"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-416"
},
{
"db": "NVD",
"id": "CVE-2022-22557"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83208"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22557"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010919"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-416"
},
{
"date": "2022-06-02T21:15:07.557000",
"db": "NVD",
"id": "CVE-2022-22557"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83208"
},
{
"date": "2023-07-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22557"
},
{
"date": "2023-08-17T08:35:00",
"db": "JVNDB",
"id": "JVNDB-2022-010919"
},
{
"date": "2023-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-416"
},
{
"date": "2023-07-24T13:31:16.280000",
"db": "NVD",
"id": "CVE-2022-22557"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-416"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0powerstoreos\u00a0 Vulnerability regarding insufficient protection of authentication information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010919"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-416"
}
],
"trust": 0.6
}
}
VAR-202206-0172
Vulnerability from variot - Updated: 2024-02-13 01:53Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service. Dell's powerstoreos Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerstoreos",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.1.0"
},
{
"model": "powerstoreos",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.0.0"
},
{
"model": "powerstoreos",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.1.1.0"
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.1.0.0"
},
{
"model": "powerstore",
"scope": null,
"trust": 0.6,
"vendor": "dell",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83209"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010739"
},
{
"db": "NVD",
"id": "CVE-2022-22556"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22556"
}
]
},
"cve": "CVE-2022-22556",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22556",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-83209",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22556",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-22556",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-22556",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2022-83209",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-417",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-22556",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83209"
},
{
"db": "VULMON",
"id": "CVE-2022-22556"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010739"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-417"
},
{
"db": "NVD",
"id": "CVE-2022-22556"
},
{
"db": "NVD",
"id": "CVE-2022-22556"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service. Dell\u0027s powerstoreos Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22556"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010739"
},
{
"db": "CNVD",
"id": "CNVD-2022-83209"
},
{
"db": "VULMON",
"id": "CVE-2022-22556"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22556",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010739",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-83209",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-417",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-22556",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83209"
},
{
"db": "VULMON",
"id": "CVE-2022-22556"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010739"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-417"
},
{
"db": "NVD",
"id": "CVE-2022-22556"
}
]
},
"id": "VAR-202206-0172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83209"
}
],
"trust": 1.37272725
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83209"
}
]
},
"last_update_date": "2024-02-13T01:53:10.250000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell PowerStore Resource Management Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/362296"
},
{
"title": "Dell EMC PowerStore Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195762"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-rce "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83209"
},
{
"db": "VULMON",
"id": "CVE-2022-22556"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-417"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010739"
},
{
"db": "NVD",
"id": "CVE-2022-22556"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22556"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22556/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83209"
},
{
"db": "VULMON",
"id": "CVE-2022-22556"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010739"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-417"
},
{
"db": "NVD",
"id": "CVE-2022-22556"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-83209"
},
{
"db": "VULMON",
"id": "CVE-2022-22556"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010739"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-417"
},
{
"db": "NVD",
"id": "CVE-2022-22556"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83209"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22556"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010739"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-417"
},
{
"date": "2022-06-02T21:15:07.497000",
"db": "NVD",
"id": "CVE-2022-22556"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83209"
},
{
"date": "2022-06-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22556"
},
{
"date": "2023-08-16T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-010739"
},
{
"date": "2022-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-417"
},
{
"date": "2022-06-11T01:51:35.703000",
"db": "NVD",
"id": "CVE-2022-22556"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-417"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0powerstoreos\u00a0 Resource exhaustion vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010739"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-417"
}
],
"trust": 0.6
}
}
VAR-202206-0125
Vulnerability from variot - Updated: 2023-12-18 13:55Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker. Dell's powerstoreos for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerstoreos",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "2.0.0.0"
},
{
"model": "powerstoreos",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.1.0"
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.0.0.0 that\u0027s all 2.1.1.0"
},
{
"model": "powerstoreos",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstore",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.0.0.*"
},
{
"model": "powerstore",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.0.1.*"
},
{
"model": "powerstore",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.1.0.*"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010904"
},
{
"db": "NVD",
"id": "CVE-2022-26868"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.1.0",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26868"
}
]
},
"cve": "CVE-2022-26868",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2022-26868",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-83205",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26868",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-26868",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-26868",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-83205",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-413",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-26868",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83205"
},
{
"db": "VULMON",
"id": "CVE-2022-26868"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010904"
},
{
"db": "NVD",
"id": "CVE-2022-26868"
},
{
"db": "NVD",
"id": "CVE-2022-26868"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-413"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\u0027s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker. Dell\u0027s powerstoreos for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26868"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010904"
},
{
"db": "CNVD",
"id": "CNVD-2022-83205"
},
{
"db": "VULMON",
"id": "CVE-2022-26868"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26868",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010904",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-83205",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-413",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-26868",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83205"
},
{
"db": "VULMON",
"id": "CVE-2022-26868"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010904"
},
{
"db": "NVD",
"id": "CVE-2022-26868"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-413"
}
]
},
"id": "VAR-202206-0125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83205"
}
],
"trust": 1.37272725
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83205"
}
]
},
"last_update_date": "2023-12-18T13:55:25.490000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell PowerStore OS Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/362286"
},
{
"title": "Dell EMC PowerStore Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195967"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83205"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-413"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010904"
},
{
"db": "NVD",
"id": "CVE-2022-26868"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26868"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26868/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83205"
},
{
"db": "VULMON",
"id": "CVE-2022-26868"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010904"
},
{
"db": "NVD",
"id": "CVE-2022-26868"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-413"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-83205"
},
{
"db": "VULMON",
"id": "CVE-2022-26868"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010904"
},
{
"db": "NVD",
"id": "CVE-2022-26868"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-413"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83205"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26868"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010904"
},
{
"date": "2022-06-02T21:15:07.723000",
"db": "NVD",
"id": "CVE-2022-26868"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-413"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83205"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26868"
},
{
"date": "2023-08-17T08:35:00",
"db": "JVNDB",
"id": "JVNDB-2022-010904"
},
{
"date": "2022-06-13T17:14:20",
"db": "NVD",
"id": "CVE-2022-26868"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-413"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-413"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0powerstoreos\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010904"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-413"
}
],
"trust": 0.6
}
}
VAR-202206-0370
Vulnerability from variot - Updated: 2023-12-18 13:42Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution. Dell's powerstoreos Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerstoreos",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "2.0.0.0"
},
{
"model": "powerstoreos",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.1.0"
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.0.0.0 that\u0027s all 2.1.1.0"
},
{
"model": "powerstoreos",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstore",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.0.0.*"
},
{
"model": "powerstore",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.0.1.*"
},
{
"model": "powerstore",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.1.0.*"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83204"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010903"
},
{
"db": "NVD",
"id": "CVE-2022-26869"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.1.0",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26869"
}
]
},
"cve": "CVE-2022-26869",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-26869",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-83204",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26869",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-26869",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-26869",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-83204",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-412",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-26869",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83204"
},
{
"db": "VULMON",
"id": "CVE-2022-26869"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010903"
},
{
"db": "NVD",
"id": "CVE-2022-26869"
},
{
"db": "NVD",
"id": "CVE-2022-26869"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-412"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution. Dell\u0027s powerstoreos Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26869"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010903"
},
{
"db": "CNVD",
"id": "CNVD-2022-83204"
},
{
"db": "VULMON",
"id": "CVE-2022-26869"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26869",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010903",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-83204",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-412",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-26869",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83204"
},
{
"db": "VULMON",
"id": "CVE-2022-26869"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010903"
},
{
"db": "NVD",
"id": "CVE-2022-26869"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-412"
}
]
},
"id": "VAR-202206-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83204"
}
],
"trust": 1.37272725
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83204"
}
]
},
"last_update_date": "2023-12-18T13:42:05.193000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell PowerStore Open Port Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/362291"
},
{
"title": "Dell EMC PowerStore Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195966"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83204"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-412"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010903"
},
{
"db": "NVD",
"id": "CVE-2022-26869"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26869"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26869/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/668.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83204"
},
{
"db": "VULMON",
"id": "CVE-2022-26869"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010903"
},
{
"db": "NVD",
"id": "CVE-2022-26869"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-412"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-83204"
},
{
"db": "VULMON",
"id": "CVE-2022-26869"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010903"
},
{
"db": "NVD",
"id": "CVE-2022-26869"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-412"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83204"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26869"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010903"
},
{
"date": "2022-06-02T21:15:07.773000",
"db": "NVD",
"id": "CVE-2022-26869"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-412"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83204"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26869"
},
{
"date": "2023-08-17T08:35:00",
"db": "JVNDB",
"id": "JVNDB-2022-010903"
},
{
"date": "2022-06-13T17:14:52.360000",
"db": "NVD",
"id": "CVE-2022-26869"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-412"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-412"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0powerstoreos\u00a0 Vulnerability in leaking resources to the wrong area in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010903"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-412"
}
],
"trust": 0.6
}
}
VAR-202206-0171
Vulnerability from variot - Updated: 2023-12-18 13:32PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. Dell's powerstoreos for, CSV A vulnerability exists regarding the neutralization of formula elements in files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads.
A formula injection vulnerability exists in Dell PowerStore that could be exploited by attackers to inject payloads
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerstoreos",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.1.0"
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.1.1.0"
},
{
"model": "powerstore",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.1.1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26867"
}
]
},
"cve": "CVE-2022-26867",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-26867",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2022-83206",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26867",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-26867",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-26867",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-83206",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-414",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-26867",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. Dell\u0027s powerstoreos for, CSV A vulnerability exists regarding the neutralization of formula elements in files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads. \n\r\n\r\nA formula injection vulnerability exists in Dell PowerStore that could be exploited by attackers to inject payloads",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "VULMON",
"id": "CVE-2022-26867"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26867",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-83206",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-26867",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"id": "VAR-202206-0171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
}
],
"trust": 1.37272725
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
}
]
},
"last_update_date": "2023-12-18T13:32:08.060000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell PowerStore Formula Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/362281"
},
{
"title": "Dell EMC PowerStore Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195968"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1236",
"trust": 1.0
},
{
"problemtype": "CSV Improper neutralization of math elements in the file (CWE-1236) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26867"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26867/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/1236.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"date": "2022-06-02T21:15:07.667000",
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83206"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26867"
},
{
"date": "2023-08-17T08:35:00",
"db": "JVNDB",
"id": "JVNDB-2022-010905"
},
{
"date": "2022-06-13T16:41:58.033000",
"db": "NVD",
"id": "CVE-2022-26867"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0powerstoreos\u00a0 In \u00a0CSV\u00a0 Vulnerability in neutralizing math elements in files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010905"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-414"
}
],
"trust": 0.6
}
}
VAR-202206-0293
Vulnerability from variot - Updated: 2023-12-18 13:00Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0293",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerstoreos",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.1.0"
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.1.1.0"
},
{
"model": "powerstore",
"scope": "lt",
"trust": 0.6,
"vendor": "dell",
"version": "2.1.1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010906"
},
{
"db": "NVD",
"id": "CVE-2022-26866"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26866"
}
]
},
"cve": "CVE-2022-26866",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-26866",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2022-83207",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-417521",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-26866",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-26866",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-26866",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-83207",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-415",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-417521",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2022-26866",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83207"
},
{
"db": "VULHUB",
"id": "VHN-417521"
},
{
"db": "VULMON",
"id": "CVE-2022-26866"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010906"
},
{
"db": "NVD",
"id": "CVE-2022-26866"
},
{
"db": "NVD",
"id": "CVE-2022-26866"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-415"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26866"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010906"
},
{
"db": "CNVD",
"id": "CNVD-2022-83207"
},
{
"db": "VULHUB",
"id": "VHN-417521"
},
{
"db": "VULMON",
"id": "CVE-2022-26866"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26866",
"trust": 4.0
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010906",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-83207",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202206-415",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-417521",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-26866",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83207"
},
{
"db": "VULHUB",
"id": "VHN-417521"
},
{
"db": "VULMON",
"id": "CVE-2022-26866"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010906"
},
{
"db": "NVD",
"id": "CVE-2022-26866"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-415"
}
]
},
"id": "VAR-202206-0293",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83207"
},
{
"db": "VULHUB",
"id": "VHN-417521"
}
],
"trust": 1.47272725
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83207"
}
]
},
"last_update_date": "2023-12-18T13:00:47.256000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell PowerStore cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/362276"
},
{
"title": "Dell EMC PowerStore Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195969"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83207"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-415"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417521"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010906"
},
{
"db": "NVD",
"id": "CVE-2022-26866"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26866"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26866/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-83207"
},
{
"db": "VULHUB",
"id": "VHN-417521"
},
{
"db": "VULMON",
"id": "CVE-2022-26866"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010906"
},
{
"db": "NVD",
"id": "CVE-2022-26866"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-415"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-83207"
},
{
"db": "VULHUB",
"id": "VHN-417521"
},
{
"db": "VULMON",
"id": "CVE-2022-26866"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010906"
},
{
"db": "NVD",
"id": "CVE-2022-26866"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-415"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83207"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-417521"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26866"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010906"
},
{
"date": "2022-06-02T21:15:07.613000",
"db": "NVD",
"id": "CVE-2022-26866"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-415"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-83207"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-417521"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26866"
},
{
"date": "2023-08-17T08:35:00",
"db": "JVNDB",
"id": "JVNDB-2022-010906"
},
{
"date": "2022-06-13T16:36:31.630000",
"db": "NVD",
"id": "CVE-2022-26866"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-415"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-415"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0powerstoreos\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010906"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-415"
}
],
"trust": 0.6
}
}
VAR-202210-1583
Vulnerability from variot - Updated: 2023-12-18 13:00Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. Dell's powerstoreos There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell EMC PowerStore is a storage device of Dell (Dell)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1583",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powerstoreos",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.0.1"
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.0.0"
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.1.0.0"
},
{
"model": "powerstoreos",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.1.0.1"
},
{
"model": "powerstoreos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019896"
},
{
"db": "NVD",
"id": "CVE-2022-26870"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:powerstoreos:2.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:powerstoreos:2.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26870"
}
]
},
"cve": "CVE-2022-26870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26870",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-26870",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-26870",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1605",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019896"
},
{
"db": "NVD",
"id": "CVE-2022-26870"
},
{
"db": "NVD",
"id": "CVE-2022-26870"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1605"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. Dell\u0027s powerstoreos There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell EMC PowerStore is a storage device of Dell (Dell)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26870"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019896"
},
{
"db": "VULHUB",
"id": "VHN-417525"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26870",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019896",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1605",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-417525",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417525"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019896"
},
{
"db": "NVD",
"id": "CVE-2022-26870"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1605"
}
]
},
"id": "VAR-202210-1583",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-417525"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:00:30.669000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell EMC PowerStore Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=211862"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1605"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417525"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019896"
},
{
"db": "NVD",
"id": "CVE-2022-26870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.dell.com/support/kbdoc/000196367"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26870"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26870/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417525"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019896"
},
{
"db": "NVD",
"id": "CVE-2022-26870"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1605"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-417525"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019896"
},
{
"db": "NVD",
"id": "CVE-2022-26870"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1605"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-417525"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019896"
},
{
"date": "2022-10-21T18:15:09.767000",
"db": "NVD",
"id": "CVE-2022-26870"
},
{
"date": "2022-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1605"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-24T00:00:00",
"db": "VULHUB",
"id": "VHN-417525"
},
{
"date": "2023-10-27T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2022-019896"
},
{
"date": "2022-10-24T15:33:21.630000",
"db": "NVD",
"id": "CVE-2022-26870"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1605"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1605"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0powerstoreos\u00a0 Authentication vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019896"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1605"
}
],
"trust": 0.6
}
}