Byte Open Security

(ByteOS Network)

Vulnerability Details :

CVE-2019-3720

Summary
Assigner: dell
Assigner Org ID: c550e75a-17ff-4988-97f0-544cde3820fe
Published At: 25 Apr, 2019 | 20:17
Updated At: 16 Sep, 2024 | 16:32

Directory Traversal Vulnerability

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)
Directory Traversal Vulnerability

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.

Affected Products
Vendor: Dell Inc., Dell EMC
Product: Open Manage System Administrator
Versions affected: From 9.3 before 9.3 (custom)
Problem Types
Type: text
CWE ID: N/A
Description: Directory Traversal Vulnerability
Metrics
Version: 3.0
Base score: 4.9
Base severity: MEDIUM
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Credits

Dell EMC would like to thank Harrison Neal for reporting this issue.
References
Hyperlink: https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en
Resource: x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/108092
Resource: vdb-entry, x_refsource_BID
Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en
Resource: x_refsource_MISC, x_transferred
Hyperlink: http://www.securityfocus.com/bid/108092
Resource: vdb-entry, x_refsource_BID, x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source: security_alert@emc.com
Published At: 25 Apr, 2019 | 21:29
Updated At: 10 Feb, 2023 | 02:23

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Type: Secondary
Version: 3.0
Base score: 4.9
Base severity: MEDIUM
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches

Vendor: Dell Inc. (dell)
Product: emc_openmanage_server_administrator, versions before 9.3.0 (exclusive)
cpe:2.3:a:dell:emc_openmanage_server_administrator:*:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://www.securityfocus.com/bid/108092
Source: security_alert@emc.com
Resource: Broken Link, Third Party Advisory, VDB Entry
Hyperlink: https://www.dell.com/support/article/us/en/04/sln316915/dsa-2019-060-dell-emc-open-manage-system-administrator-multiple-vulnerabilities?lang=en
Source: security_alert@emc.com
Resource: Vendor Advisory

Similar CVEs

739 records found

CVE-2025-22397
Matching Score-10
Assigner-Dell
CVSS Score-6.7 (MEDIUM)
EPSS-0.17% / 38.00%
7 Day CHG~0.00%
Published-06 Nov, 2025 | 18:46
Updated-21 Jan, 2026 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9idrac9_firmwareidrac10idrac10_firmwareIntegrated Dell Remote Access Controller 10 17G versionIntegrated Dell Remote Access Controller 9 15G and 16G versionsIntegrated Dell Remote Access Controller 9 14G Versions
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21514
Matching Score-10
Assigner-Dell
CVSS Score-4.9 (MEDIUM)
EPSS-28.05% / 96.57%
7 Day CHG~0.00%
Published-02 Mar, 2021 | 16:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell Open Manage Server Administrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5366
Matching Score-10
Assigner-Dell
CVSS Score-7.1 (HIGH)
EPSS-0.43% / 62.65%
7 Day CHG~0.00%
Published-09 Jul, 2020 | 13:45
Updated-16 Sep, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac9Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-14384
Matching Score-10
Assigner-Dell
CVSS Score-6.5 (MEDIUM)
EPSS-4.60% / 89.45%
7 Day CHG~0.00%
Published-16 Mar, 2018 | 20:00
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-4004
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.9 (MEDIUM)
EPSS-12.17% / 93.97%
7 Day CHG~0.00%
Published-12 Apr, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.

Action-Not Available
Vendor-n/aDell Inc.
Product-openmanage_server_administratorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21569
Matching Score-10
Assigner-Dell
CVSS Score-6.8 (MEDIUM)
EPSS-0.51% / 66.96%
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-29097
Matching Score-10
Assigner-Dell
CVSS Score-4.9 (MEDIUM)
EPSS-0.20% / 42.27%
7 Day CHG~0.00%
Published-24 Jun, 2022 | 17:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-23374
Matching Score-8
Assigner-Dell
CVSS Score-8 (HIGH)
EPSS-0.19% / 41.36%
7 Day CHG~0.00%
Published-30 Jan, 2025 | 04:14
Updated-07 Feb, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-enterprise_sonic_distributionEnterprise SONiC OS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-48661
Matching Score-8
Assigner-Dell
CVSS Score-4.9 (MEDIUM)
EPSS-0.15% / 35.89%
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:55
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_appliancesolutions_enabler_virtual_appliancepowermax_osvApp Manager
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-32478
Matching Score-8
Assigner-Dell
CVSS Score-9 (CRITICAL)
EPSS-0.21% / 43.89%
7 Day CHG~0.00%
Published-21 Jul, 2023 | 05:34
Updated-21 Oct, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerstoreosPowerStore
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-36349
Matching Score-8
Assigner-Dell
CVSS Score-4.3 (MEDIUM)
EPSS-0.13% / 32.41%
7 Day CHG~0.00%
Published-24 Jan, 2022 | 20:10
Updated-17 Sep, 2024 | 03:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.

Action-Not Available
Vendor-Dell Inc.
Product-emc_data_protection_centralData Protection Central
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-36329
Matching Score-8
Assigner-Dell
CVSS Score-6.5 (MEDIUM)
EPSS-0.21% / 44.07%
7 Day CHG~0.00%
Published-30 Nov, 2021 | 20:40
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_streaming_data_platformDell EMC Streaming Data Platform
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-21570
Matching Score-8
Assigner-Dell
CVSS Score-6.8 (MEDIUM)
EPSS-0.44% / 63.42%
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21592
Matching Score-8
Assigner-Dell
CVSS Score-3.1 (LOW)
EPSS-0.21% / 44.06%
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2020-5389
Matching Score-8
Assigner-Dell
CVSS Score-9 (CRITICAL)
EPSS-0.34% / 56.71%
7 Day CHG~0.00%
Published-08 Oct, 2020 | 14:50
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low privileged OMIMSCC users may be able to retrieve sensitive information from the logs.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_integration_for_microsoft_system_centerOMIMSSC (OpenManage Integration for Microsoft System Center)
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-5356
Matching Score-8
Assigner-Dell
CVSS Score-7.7 (HIGH)
EPSS-0.17% / 38.53%
7 Day CHG~0.00%
Published-06 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_x400powerprotect_x400_firmwarepowerprotect_data_managerPower Protect Data Manager
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2019-3736
Matching Score-8
Assigner-Dell
CVSS Score-8.2 (HIGH)
EPSS-0.07% / 22.16%
7 Day CHG~0.00%
Published-27 Sep, 2019 | 20:19
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idpa_dp8300emc_integrated_data_protection_appliance_firmwareemc_idpa_dp5800emc_idpa_dp4400emc_idpa_dp8800Integrated Data Protection Appliance
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-3764
Matching Score-8
Assigner-Dell
CVSS Score-5 (MEDIUM)
EPSS-0.24% / 47.19%
7 Day CHG~0.00%
Published-07 Nov, 2019 | 18:05
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac7_firmwareidrac8_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-285
Improper Authorization
CVE-2019-3733
Matching Score-8
Assigner-Dell
CVSS Score-4.4 (MEDIUM)
EPSS-0.05% / 16.36%
7 Day CHG~0.00%
Published-30 Sep, 2019 | 21:48
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Action-Not Available
Vendor-Dell Inc.ELAN Microelectronics Corporation
Product-bsafe_crypto-c-micro-editionrsa_bsafe_crypto-cRSA BSAFE MESRSA BSAFE Crypto-C Micro Edition
CWE ID-CWE-316
Cleartext Storage of Sensitive Information in Memory
CWE ID-CWE-459
Incomplete Cleanup
CVE-2019-3753
Matching Score-8
Assigner-Dell
CVSS Score-7.2 (HIGH)
EPSS-0.12% / 29.93%
7 Day CHG~0.00%
Published-20 Aug, 2019 | 18:47
Updated-16 Sep, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerconnect_8024_firmwareemc_powerconnect_7000emc_powerconnect_8024emc_powerconnect_m6220_firmwareemc_powerconnect_m8024-k_firmwareemc_powerconnect_m6348_firmwareemc_powerconnect_m8024emc_powerconnect_7000_firmwareemc_powerconnect_m8024_firmwareemc_powerconnect_m6220emc_powerconnect_m6348emc_powerconnect_m8024-kPowerConnect M6348PowerConnect M8024PowerConnect 7000PowerConnect M8024-KPowerConnect 8024PowerConnect M6220
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-30477
Matching Score-8
Assigner-Dell
CVSS Score-4.4 (MEDIUM)
EPSS-0.13% / 31.36%
7 Day CHG~0.00%
Published-21 Jul, 2025 | 16:32
Updated-06 Aug, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-27695
Matching Score-8
Assigner-Dell
CVSS Score-4.9 (MEDIUM)
EPSS-0.28% / 52.07%
7 Day CHG~0.00%
Published-08 May, 2025 | 19:06
Updated-11 Jul, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-37136
Matching Score-8
Assigner-Dell
CVSS Score-6.8 (MEDIUM)
EPSS-0.27% / 50.33%
7 Day CHG~0.00%
Published-03 Sep, 2024 | 05:42
Updated-05 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-path_to_powerprotectPath to Power
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2018-15768
Matching Score-8
Assigner-Dell
CVSS Score-6.5 (MEDIUM)
EPSS-23.40% / 96.07%
7 Day CHG~0.00%
Published-30 Nov, 2018 | 17:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure MySQL Configuration Vulnerability

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_network_managerOpenManage Network Manager
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-15748
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8 (HIGH)
EPSS-0.79% / 74.28%
7 Day CHG~0.00%
Published-23 Aug, 2018 | 15:00
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product.

Action-Not Available
Vendor-n/aDell Inc.
Product-2335dn2335dn_network_firmware2335dn_engine_firmware2335dn_printer_firmwaren/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2024-28971
Matching Score-8
Assigner-Dell
CVSS Score-3.5 (LOW)
EPSS-0.23% / 45.65%
7 Day CHG~0.00%
Published-08 May, 2024 | 15:37
Updated-27 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterprise_update_managerUpdate Manager Plugin
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-1242
Matching Score-8
Assigner-Dell
CVSS Score-6.5 (MEDIUM)
EPSS-4.97% / 89.87%
7 Day CHG~0.00%
Published-29 May, 2018 | 17:00
Updated-16 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.

Action-Not Available
Vendor-Dell Inc.ELAN Microelectronics Corporation
Product-recoverpoint_for_virtual_machinesrecoverpointDell EMC RecoverPointDell EMC RecoverPoint Virtual Machine (VM)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-1241
Matching Score-8
Assigner-Dell
CVSS Score-8.8 (HIGH)
EPSS-0.77% / 73.83%
7 Day CHG~0.00%
Published-29 May, 2018 | 17:00
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.

Action-Not Available
Vendor-Dell Inc.ELAN Microelectronics Corporation
Product-recoverpoint_for_virtual_machinesrecoverpointDell EMC RecoverPointDell EMC RecoverPoint Virtual Machine (VM)
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-1250
Matching Score-8
Assigner-Dell
CVSS Score-6.5 (MEDIUM)
EPSS-0.10% / 26.88%
7 Day CHG~0.00%
Published-28 Sep, 2018 | 18:00
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unityemc_unity_firmwareemc_unityvsaDell EMC UnityVSADell EMC Unity
CWE ID-CWE-863
Incorrect Authorization
CVE-2018-11065
Matching Score-8
Assigner-Dell
CVSS Score-2.7 (LOW)
EPSS-0.22% / 44.62%
7 Day CHG~0.00%
Published-24 Aug, 2018 | 15:00
Updated-16 Sep, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29173
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.28% / 51.62%
7 Day CHG~0.00%
Published-26 Jun, 2024 | 02:51
Updated-03 Feb, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.

Action-Not Available
Vendor-Dell Inc.
Product-dd3300dd6400apex_protection_storagedm5500dd9400dd9910dd9410dd9900data_domain_operating_systemdd6900PowerProtect DD
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-36309
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.26% / 49.53%
7 Day CHG~0.00%
Published-01 Oct, 2021 | 20:20
Updated-16 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.

Action-Not Available
Vendor-Dell Inc.
Product-enterprise_sonic_osEnterprise SONiC OS
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-32468
Matching Score-8
Assigner-Dell
CVSS Score-5.8||MEDIUM
EPSS-0.19% / 40.26%
7 Day CHG~0.00%
Published-26 Jul, 2023 | 07:11
Updated-21 Oct, 2024 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data.

Action-Not Available
Vendor-Dell Inc.
Product-ecs_streamerECS Streamer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21584
Matching Score-8
Assigner-Dell
CVSS Score-7.7||HIGH
EPSS-0.24% / 46.53%
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterprise-modularopenmanage_enterpriseDell OpenManage Enterprise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-31229
Matching Score-8
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-0.29% / 52.39%
7 Day CHG~0.00%
Published-28 Jun, 2022 | 18:40
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2022-29089
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.19% / 40.73%
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:30
Updated-20 May, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10Dell Networking OS10
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-24414
Matching Score-8
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.33% / 55.96%
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-17 Sep, 2024 | 00:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell EMC CloudLink 7.1.3 and all earlier versions, the Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in the request URL to avoid such attacks.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-46676
Matching Score-8
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.01% / 1.75%
7 Day CHG-0.01%
Published-09 Jan, 2026 | 15:48
Updated-05 Feb, 2026 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-27693
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.27% / 50.80%
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:19
Updated-11 Jul, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26335
Matching Score-8
Assigner-Dell
CVSS Score-5.8||MEDIUM
EPSS-0.23% / 46.03%
7 Day CHG~0.00%
Published-11 Apr, 2025 | 01:20
Updated-14 Jan, 2026 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_cyber_recoveryPowerProtect Cyber Recovery
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2025-26482
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 14.98%
7 Day CHG~0.00%
Published-25 Sep, 2025 | 21:11
Updated-16 Jan, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contain an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_t560_firmwarepoweredge_xe8640_firmwarexc_core_xc660poweredge_r7615poweredge_r6415_firmwareemc_xc_core_6420_systempoweredge_xr7620poweredge_c6520_firmwarepoweredge_xe9640poweredge_r6615_firmwarepoweredge_r750xs_firmwarepoweredge_r7725_firmwarepoweredge_r7725emc_xc_core_xc7525poweredge_r760_firmwarepoweredge_r6715poweredge_r860xc_core_xc760xapoweredge_r650_firmwareidrac9poweredge_xe9680poweredge_c6420emc_xc_core_xcxr2poweredge_t440poweredge_hs5610_firmwarepoweredge_xr7620_firmwareemc_storage_nx3240_firmwareemc_xc_core_xc6520_firmwarepoweredge_r6625_firmwarepoweredge_r240_firmwareemc_xc_core_xc650poweredge_r7525poweredge_xe2420emc_xc_core_xc750xa_firmwarepoweredge_xr2_firmwareemc_xc_core_xc940_systempoweredge_r6515poweredge_r760poweredge_r340poweredge_r260poweredge_r840_firmwarepoweredge_r6415poweredge_xr2poweredge_t360poweredge_mx840cemc_xc_core_6420_system_firmwarepoweredge_r250poweredge_xe7420_firmwarepoweredge_r260_firmwarepoweredge_r670_firmwarepoweredge_t340_firmwarepoweredge_t350poweredge_t560poweredge_xr5610poweredge_mx750c_firmwareemc_xc_core_xc740xd_systempoweredge_hs5620_firmwarepoweredge_xr4510c_firmwarepoweredge_c6615_firmwarepoweredge_r940xa_firmwarexc_core_xc760_firmwareemc_xc_core_xc450_firmwareemc_xc_core_xc750poweredge_r940xapoweredge_xr8620tpoweredge_r7625_firmwarepoweredge_xr11_firmwarepoweredge_t350_firmwarepoweredge_r840poweredge_c6525_firmwarepoweredge_mx760cpoweredge_xe9680_firmwarepoweredge_m640_firmwaredss_8440poweredge_xe7440_firmwarepoweredge_r7415_firmwarepoweredge_r6725poweredge_r940_firmwarepoweredge_xr11dss_8440_firmwarepoweredge_hs5620xc_core_xc660xspoweredge_r540_firmwarepoweredge_r640_firmwarepoweredge_r640poweredge_c4140_firmwarepoweredge_r740_firmwarepoweredge_xe8545poweredge_r750xa_firmwarepoweredge_r440_firmwarepoweredge_r740xd2emc_nx440poweredge_xr12_firmwarepoweredge_t140poweredge_r550_firmwarepoweredge_xr8610t_firmwarepoweredge_r240poweredge_r360_firmwarepoweredge_xr8610tpoweredge_r7715emc_xc_core_xc640_system
_firmwarepoweredge_r750xspoweredge_xe7440poweredge_r7515_firmwarepoweredge_r7515poweredge_r770poweredge_r470_firmwarepoweredge_r350_firmwarepoweredge_t360_firmwarepoweredge_r960_firmwarepoweredge_r660poweredge_r940poweredge_r7525_firmwarepoweredge_xe8640xc_core_xc7625poweredge_r650xs_firmwarexc_core_xc660_firmwarepoweredge_r750_firmwarepoweredge_xe9680lpoweredge_mx760c_firmwarepoweredge_r760xs_firmwareemc_nx440_firmwarepoweredge_xr5610_firmwarepoweredge_r770_firmwarepoweredge_r740poweredge_c6420_firmwarepoweredge_r470emc_storage_nx3340poweredge_r6625poweredge_r760xd2poweredge_r750xapoweredge_c6620_firmwarepoweredge_r340_firmwarexc_core_xc760poweredge_c6620poweredge_r7425poweredge_r360emc_storage_nx3240emc_xc_core_xc450poweredge_r440poweredge_xr12poweredge_xe9680l_firmwareidrac9_firmwarepoweredge_r570poweredge_r540poweredge_t160poweredge_r740xdpoweredge_mx740c_firmwarepoweredge_r650xsemc_xc_core_xc750xapoweredge_r7615_firmwarepoweredge_mx840c_firmwarepoweredge_r350poweredge_r860_firmwarepoweredge_r6515_firmwarepoweredge_t550poweredge_r450_firmwarexc_core_xc7625_firmwarepoweredge_r660xs_firmwarepoweredge_mx750cpoweredge_r550poweredge_hs5610poweredge_t640_firmwareemc_xc_core_xc740xd_system_firmwarepoweredge_r760xd2_firmwarepoweredge_r760xa_firmwarepoweredge_r7715_firmwarepoweredge_t140_firmwarepoweredge_c6615poweredge_r6615emc_xc_core_xcxr2_firmwarepoweredge_r650poweredge_r6525_firmwareemc_xc_core_xc740xd2poweredge_c4140poweredge_t340poweredge_r960emc_xc_core_xc940_system_firmwarepoweredge_fc640emc_xc_core_xc650_firmwarepoweredge_r760xapoweredge_r7415poweredge_t640poweredge_xe9640_firmwarepoweredge_xe7420emc_xc_core_xc740xd2_firmwarexc_core_xc760xa_firmwarepoweredge_xr4520cpoweredge_c6520poweredge_r6525poweredge_xr4510cemc_storage_nx3340_firmwarepoweredge_r660_firmwarepoweredge_mx740cpoweredge_xe8545_firmwarepoweredge_t440_firmwarepoweredge_r6725_firmwareemc_xc_core_xc750_firmwarepoweredge_t150poweredge_xe2420_firmwarepoweredge_r7625poweredge_r250_firmwarexc_core_xc660
xs_firmwarepoweredge_r450poweredge_r570_firmwarepoweredge_t550_firmwarepoweredge_t150_firmwarepoweredge_r6715_firmwarepoweredge_r740xd_firmwareemc_xc_core_xc7525_firmwareemc_xc_core_xc640_systempoweredge_t160_firmwarepoweredge_r760xspoweredge_xr4520c_firmwarepoweredge_m640poweredge_r740xd2_firmwarepoweredge_r750poweredge_r660xsemc_xc_core_xc6520poweredge_c6525poweredge_fc640_firmwarepoweredge_xr8620t_firmwarepoweredge_r670poweredge_r7425_firmwarePowerEdge XR7620PowerEdge R860iDRAC9PowerEdge XR11PowerEdge R450PowerEdge XE8640PowerEdge R570Dell EMC XC Core XC940 SystemPowerEdge R760xaPowerEdge XR8620tPowerEdge T140PowerEdge XE7420PowerEdge XR2Dell EMC Storage NX3240PowerEdge R750XSPowerEdge R7715Dell EMC XC Core XC6520PowerEdge R6525PowerEdge M640PowerEdge R770PowerEdge R940XADell EMC XC Core XCXR2DSS 8440PowerEdge C4140PowerEdge HS5620PowerEdge R650Dell EMC Storage NX3340PowerEdge HS5610PowerEdge XR5610PowerEdge R7525Dell EMC XC Core XC740xd2PowerEdge R540Dell XC Core XC760PowerEdge C6620Dell EMC XC Core XC740xd SystemPowerEdge R760xd2Dell EMC XC Core XC7525PowerEdge R660PowerEdge T350PowerEdge R7515PowerEdge R740XDPowerEdge R760Dell EMC XC Core XC450PowerEdge C6525PowerEdge T640Dell XC Core XC660PowerEdge R960Dell EMC XC Core XC640 SystemPowerEdge T340PowerEdge R7725PowerEdge R240PowerEdge T550PowerEdge R6615PowerEdge R6725PowerEdge T560PowerEdge T440Dell XC Core XC660xsPowerEdge XE9680PowerEdge R7625PowerEdge XE9640PowerEdge XE8545PowerEdge R760xsPowerEdge XE9680LPowerEdge R550PowerEdge C6615PowerEdge FC640Dell EMC NX440Dell EMC XC Core XC750xaPowerEdge R650XSPowerEdge R940PowerEdge XR8610tPowerEdge R360PowerEdge MX760cPowerEdge R250PowerEdge T150PowerEdge MX740CPowerEdge R6515PowerEdge R660xsPowerEdge R7425PowerEdge R6415PowerEdge M640 (for PE VRTX)PowerEdge C6520PowerEdge R640PowerEdge XE2420PowerEdge XR4520cDell EMC XC Core 6420 SystemPowerEdge XE7440PowerEdge R750XAPowerEdge R440PowerEdge R6625Dell XC Core XC760xaPowerEdge R840PowerEdge XR4510cPowerEdge 
R470PowerEdge R670PowerEdge R350PowerEdge R750PowerEdge R6715PowerEdge XR12PowerEdge C6420PowerEdge T360Dell EMC XC Core XC650PowerEdge T160PowerEdge MX840CPowerEdge R340PowerEdge R7615PowerEdge R740XD2PowerEdge MX750CPowerEdge R740Dell EMC XC Core XC750PowerEdge R260PowerEdge R7415Dell XC Core XC7625
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2017-8007
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-1.65% / 82.34%
7 Day CHG~0.00%
Published-22 Sep, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_vipr_srmemc_storage_monitoring_and_reportingemc_vnx_monitoring_and_reportingemc_m\&rEMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-28265
Matching Score-6
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.62%
7 Day CHG~0.00%
Published-01 Apr, 2026 | 07:41
Updated-02 Apr, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerStore contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_5200qpowerstore_5000tpowerstore_1000tpowerstore_3200qpowerstore_7000tpowerstoreospowerstore_1200tpowerstore_3200tpowerstore_500tpowerstore_3000tpowerstore_9200tpowerstore_5200tpowerstore_9000tPowerStore 5000TPowerStorePowerStore 9000TPowerStore 9200TPowerStore 500TPowerStore 3200TPowerStore 7000TPowerStore 5200TPowerStore 5200QPowerStore 3000TPowerStore 3200QPowerStore 1000TPowerStore 1200T
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2023-48660
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.51%
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:51
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_appliancesolutions_enabler_virtual_appliancepowermax_os vApp Manger
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-44278
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.57%
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:17
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_domainpowerprotect_data_protectiondd9400dp5900apex_protection_storagepowerprotect_data_domain_management_centerdd6400emc_data_domain_osdd3300dd9900dd6900dp4400PowerProtect DD
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-44306
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-1.70% / 82.66%
7 Day CHG~0.00%
Published-04 Dec, 2023 | 08:32
Updated-01 Oct, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem.

Action-Not Available
Vendor-Dell Inc.
Product-dm5500_firmwaredm5500Dell PowerProtect Data Manager DM5500 Appliance
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-43070
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 18.05%
7 Day CHG~0.00%
Published-05 Oct, 2023 | 17:38
Updated-19 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability to modify or write arbitrary files to arbitrary locations in the license container.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_storage_softwareDell SmartFabric Storage Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-29495
Matching Score-6
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-15.49% / 94.80%
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-29494
Matching Score-6
Assigner-Dell
CVSS Score-8.7||HIGH
EPSS-0.94% / 76.61%
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-36288
Matching Score-6
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.93% / 76.53%
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File, version 8.1.21.266 and earlier, contains a path traversal vulnerability which may allow unauthenticated users to read/write restricted files.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')