Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-3763

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-11 Sep, 2019 | 19:17
Updated At-16 Sep, 2024 | 22:20
Rejected At-
Credits

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:11 Sep, 2019 | 19:17
Updated At:16 Sep, 2024 | 22:20
Rejected At:
▼CVE Numbering Authority (CNA)

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

Affected Products
Vendor
Dell Inc.Dell
Product
RSA Identity Governance and Lifecycle
Versions
Affected
  • From unspecified before 7.1.1 P02 (custom)
  • From unspecified before 7.1.0 P08 (custom)
  • 7.0.2
  • 7.0.1
Vendor
Dell Inc.Dell
Product
RSA Via Lifecycle and Governance
Versions
Affected
  • 7.0
Problem Types
TypeCWE IDDescription
CWECWE-532CWE-532 Information Exposure Through Log Files
Type: CWE
CWE ID: CWE-532
Description: CWE-532 Information Exposure Through Log Files
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://community.rsa.com/docs/DOC-106943
x_refsource_MISC
Hyperlink: https://community.rsa.com/docs/DOC-106943
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://community.rsa.com/docs/DOC-106943
x_refsource_MISC
x_transferred
Hyperlink: https://community.rsa.com/docs/DOC-106943
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:11 Sep, 2019 | 20:15
Updated At:16 Oct, 2020 | 14:13

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.1
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:-:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.1
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p1:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.1
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p2_hotfix2:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.1
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p3:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.1
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p4:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.1
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p5:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.1
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.1:p5_hotfix2:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:-:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p1:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p10:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p11:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p12:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p13:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p14:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p2:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p3:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p4:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p5:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p6:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p7:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p8:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.0.2
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.0.2:p9:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.1.0
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:-:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.1.0
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p01:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.1.0
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p02:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.1.0
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p03:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.1.0
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p04:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.1.0
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p05:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.1.0
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p06:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.1.0
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.0:p07:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.1.1
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:-:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_identity_governance_and_lifecycle>>7.1.1
cpe:2.3:a:dell:rsa_identity_governance_and_lifecycle:7.1.1:p1:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_via_lifecycle_and_governance>>7.0.0
cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:-:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_via_lifecycle_and_governance>>7.0.0
cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p1:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_via_lifecycle_and_governance>>7.0.0
cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p2:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_via_lifecycle_and_governance>>7.0.0
cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p3:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_via_lifecycle_and_governance>>7.0.0
cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p4:*:*:*:*:*:*
Dell Inc.
dell
>>rsa_via_lifecycle_and_governance>>7.0.0
cpe:2.3:a:dell:rsa_via_lifecycle_and_governance:7.0.0:p5:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-532Primarynvd@nist.gov
CWE-532Secondarysecurity_alert@emc.com
CWE ID: CWE-532
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-532
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://community.rsa.com/docs/DOC-106943security_alert@emc.com
Vendor Advisory
Hyperlink: https://community.rsa.com/docs/DOC-106943
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

419Records found
CVE-2021-36340
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.04%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-23 May, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Application
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-36278
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.19% / 40.68%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-30105
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 17:50
Updated-05 Aug, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-XtremIO
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-26332
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 17:55
Updated-05 Aug, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-TechAdvisor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21598
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-3.9||LOW
EPSS-0.06% / 18.02%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:05
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_5070_thin_clientwyse_thinoswyse_5470_thin_clientwyse_3040_thin_clientWyse ThinOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21561
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.04%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 20:00
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21597
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.04% / 12.29%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:05
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_5070_thin_clientwyse_thinoswyse_5470_thin_clientwyse_3040_thin_clientWyse ThinOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21601
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:05
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_data_protection_searchData Protection Search
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21558
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.06% / 18.86%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 18:05
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-8001
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.08% / 24.51%
||
7 Day CHG~0.00%
Published-28 Nov, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.

Action-Not Available
Vendor-n/aDell Inc.Linux Kernel Organization, Inc
Product-emc_scaleiolinux_kernelEMC ScaleIO EMC ScaleIO 2.0.1.x
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-22572
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 12:54
Updated-26 Mar, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-3716
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.57%
||
7 Day CHG~0.00%
Published-13 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure Vulnerability

RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archer_grc_platformRSA Archer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-3715
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.22%
||
7 Day CHG~0.00%
Published-13 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure Vulnerability

RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archer_grc_platformRSA Archer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21546
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.80%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 15:55
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-36289
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.59%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Action-Not Available
Vendor-Dell Inc.
Product-vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX Control Station
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-18576
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 31.47%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 20:30
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-xtremio_management_serverXtremIO
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-26199
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 13.86%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-43729
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-27 Aug, 2025 | 14:02
Updated-27 Aug, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access.

Action-Not Available
Vendor-Dell Inc.
Product-ThinOS 10
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-43882
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-27 Aug, 2025 | 13:51
Updated-27 Aug, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access.

Action-Not Available
Vendor-Dell Inc.
Product-ThinOS 10
CWE ID-CWE-283
Unverified Ownership
CVE-2024-25960
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 18:13
Updated-09 Jan, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-25958
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.25%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 15:18
Updated-28 Jan, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption.

Action-Not Available
Vendor-Dell Inc.
Product-grabGrab for Windowsgrab_for_windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-22450
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.09% / 25.57%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 07:08
Updated-31 Jan, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)alienware_command_center
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-22225
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.38%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:51
Updated-07 May, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22224
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.44%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:48
Updated-07 May, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22223
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 19:07
Updated-07 May, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22449
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 7.15%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 09:48
Updated-17 Jun, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefs PowerScale OneFS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-22228
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.01%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:40
Updated-07 May, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22222
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.99%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 19:04
Updated-01 Aug, 2024 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36297
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-16 Sep, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_home_pcsSupportAssist Client Consumer
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-36311
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.04% / 9.57%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 20:00
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-285
Improper Authorization
CVE-2021-36285
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.05% / 14.46%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_9520latitude_7320_firmwarelatitude_7280_firmwarelatitude_9410latitude_5310_2-in-1precision_3551latitude_7212_rugged_extreme_tablet_firmwarelatitude_7212_rugged_extreme_tabletlatitude_7420latitude_7480precision_3640_tower_firmwarelatitude_5500_firmwarelatitude_5511_firmwareoptiplex_3280_aio_firmwarelatitude_5310_2-in-1_firmwarelatitude_5520latitude_5411_firmwarelatitude_5500optiplex_3080_firmwarelatitude_7370latitude_7370_firmwareoptiplex_7480_aiolatitude_7420_firmwarelatitude_5400_firmwarelatitude_7480_firmwarelatitude_5320_firmwarelatitude_5511optiplex_3080latitude_9510precision_3551_ffirmwareoptiplex_7480_aio_firmwarelatitude_5320latitude_9410_firmwarelatitude_9520_firmwarelatitude_9510_firmwareoptiplex_3280_aiolatitude_5411latitude_5520_firmwareprecision_3640_towerlatitude_7280latitude_7320latitude_5400CPG BIOS
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-36279
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.03%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-36280
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.84%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-36341
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.38%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_device_agentDell Wyse Device Agent
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-36284
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.05% / 14.46%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_9520latitude_7320_firmwarelatitude_7280_firmwarelatitude_9410latitude_5310_2-in-1precision_3551latitude_7212_rugged_extreme_tablet_firmwarelatitude_7212_rugged_extreme_tabletlatitude_7420latitude_7480precision_3640_tower_firmwarelatitude_5500_firmwarelatitude_5511_firmwareoptiplex_3280_aio_firmwarelatitude_5310_2-in-1_firmwarelatitude_5520latitude_5411_firmwarelatitude_5500optiplex_3080_firmwarelatitude_7370latitude_7370_firmwareoptiplex_7480_aiolatitude_7420_firmwarelatitude_5400_firmwarelatitude_7480_firmwarelatitude_5320_firmwarelatitude_5511optiplex_3080latitude_9510precision_3551_ffirmwareoptiplex_7480_aio_firmwarelatitude_5320latitude_9410_firmwarelatitude_9520_firmwarelatitude_9510_firmwareoptiplex_3280_aiolatitude_5411latitude_5520_firmwareprecision_3640_towerlatitude_7280latitude_7320latitude_5400CPG BIOS
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-36282
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-2.5||LOW
EPSS-0.05% / 16.70%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-36339
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.85%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 20:15
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_applianceunisphere_for_powermaxvasasolutions_enabler_virtual_appliancepowermax_ossolutions_enablerunisphere_360Solutions Enabler vApp
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2021-36317
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.18%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerprotect_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-36319
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Dell Networking OS10
CWE ID-CWE-665
Improper Initialization
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2024-0156
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.08% / 24.52%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 12:54
Updated-08 Jan, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery (D3)dell_digital_delivery
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-0162
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 23.05%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 16:18
Updated-04 Feb, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_c6520_firmwarepoweredge_r660xs_firmwarepoweredge_xr11_firmwarepoweredge_r6615_firmwarepoweredge_t560_firmwarepoweredge_r760xd2_firmwarepoweredge_r6525_firmwarepoweredge_r960poweredge_hs5610emc_xc_core_xc7525xc_core_xc7625poweredge_mx750cpoweredge_xr11poweredge_c6520emc_xc_core_xc750_firmwarepoweredge_r350poweredge_r7515_firmwarepoweredge_xe9680poweredge_xe8640_firmwarepoweredge_xr8610t_firmwarepoweredge_t550poweredge_c6525poweredge_xe8545_firmwarepoweredge_r860poweredge_xr5610_firmwareemc_xc_core_xc750xa_firmwarepoweredge_r6515_firmwarepoweredge_r760xapoweredge_r860_firmwarepoweredge_r6625_firmwarepoweredge_t150_firmwarepoweredge_r250emc_xc_core_xc7525_firmwareemc_xc_core_xc750emc_xc_core_xc750xapoweredge_r760poweredge_xr12poweredge_r7615_firmwarepoweredge_xr8620temc_xc_core_xc450_firmwarepoweredge_xr8620t_firmwarepoweredge_r760xs_firmwarepoweredge_xr12_firmwarepoweredge_r6515emc_xc_core_xc650_firmwarepoweredge_t150poweredge_t560poweredge_xe8545poweredge_r650_firmwarepoweredge_xe9680_firmwarepoweredge_r760xd2poweredge_r760xspoweredge_xr8610tpoweredge_r350_firmwareemc_xc_core_xc650poweredge_r7625_firmwarexc_core_xc760poweredge_r7515emc_xc_core_xc450poweredge_r660xspoweredge_r550_firmwarepoweredge_c6620_firmwarepoweredge_xr7620_firmwarexc_core_xc660poweredge_c6525_firmwarexc_core_xc760_firmwarepoweredge_xe8640poweredge_r960_firmwarepoweredge_xe9640poweredge_r650xspoweredge_r6525emc_xc_core_xc6520_firmwarepoweredge_r750xapoweredge_t350poweredge_mx750c_firmwarepoweredge_r760_firmwarepoweredge_r250_firmwarepoweredge_c6620poweredge_r7525_firmwarepoweredge_xr4510c_firmwareemc_xc_core_xc6520poweredge_r750xa_firmwarepoweredge_r660poweredge_r450_firmwarepoweredge_xr7620poweredge_r7615poweredge_xe9640_firmwarepoweredge_r750xspoweredge_r650poweredge_xr4510cpoweredge_r7525poweredge_r760xa_firmwarepoweredge_r750xs_firmwarepoweredge_r660_firmwarepoweredge_t350_firmwarepoweredge_hs5610_firmwarepoweredge_r750poweredge_r650xs_firmwarepoweredge_xr4520c_firmwarepoweredge_r7625poweredge_c6615poweredge_r750_firmwarepoweredge_hs5620_firmwarexc_core_xc7625_firmwarepoweredge_mx760cpoweredge_mx760c_firmwarepoweredge_xr5610poweredge_r6625poweredge_r450xc_core_xc660_firmwarepoweredge_r6615poweredge_r550poweredge_t550_firmwarepoweredge_hs5620poweredge_xr4520cpoweredge_c6615_firmwarePowerEdge BIOS Intel 16G
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0166
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.74%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:27
Updated-06 May, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0164
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.74%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:34
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnityunity_operating_environment
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36276
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.35%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Action-Not Available
Vendor-Dell Inc.
Product-dbutildrv2.sys_firmwaredbutil
CWE ID-CWE-285
Improper Authorization
CVE-2024-0168
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.01%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:20
Updated-19 Aug, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnityunity_operating_environment
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0167
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.28% / 50.87%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:23
Updated-06 May, 2025 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0165
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.84%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:30
Updated-06 May, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0155
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.11% / 29.67%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 13:00
Updated-08 Jan, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery (D3)digital_delivery
CWE ID-CWE-416
Use After Free
CVE-2023-48670
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 10.78%
||
7 Day CHG~0.00%
Published-22 Dec, 2023 | 15:57
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_home_pcsSupportAssist Client Consumer
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-15765
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.4||LOW
EPSS-0.15% / 36.35%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 22:00
Updated-16 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.

Action-Not Available
Vendor-Dell Inc.
Product-emc_secure_remote_servicesESRS Virtual Edition
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found