Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-3766

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-27 Sep, 2019 | 20:22
Updated At-17 Sep, 2024 | 02:01
Rejected At-
Credits

Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:27 Sep, 2019 | 20:22
Updated At:17 Sep, 2024 | 02:01
Rejected At:
▼CVE Numbering Authority (CNA)

Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.

Affected Products
Vendor
Dell Inc.Dell
Product
Elastic Cloud Storage
Versions
Affected
  • prior to 3.4.0.0
Problem Types
TypeCWE IDDescription
CWECWE-307CWE-307: Improper Restriction of Excessive Authentication Attempts
Type: CWE
CWE ID: CWE-307
Description: CWE-307: Improper Restriction of Excessive Authentication Attempts
Metrics
VersionBase scoreBase severityVector
3.08.1HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio
x_refsource_CONFIRM
Hyperlink: https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:27 Sep, 2019 | 21:15
Updated At:09 Oct, 2019 | 23:49

Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.08.1HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Dell Inc.
dell
>>emc_elastic_cloud_storage>>Versions before 3.4.0.0(exclusive)
cpe:2.3:a:dell:emc_elastic_cloud_storage:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-307Primarynvd@nist.gov
CWE-307Secondarysecurity_alert@emc.com
CWE ID: CWE-307
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-307
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatiosecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

288Records found
CVE-2021-36287
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-2.11% / 84.14%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36294
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 62.21%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user.

Action-Not Available
Vendor-Dell Inc.
Product-vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX Control Station
CWE ID-CWE-331
Insufficient Entropy
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2021-36336
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-3.06% / 86.72%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-16 Sep, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-49601
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-4.26% / 88.83%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 01:52
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2006-2112
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.76% / 86.04%
||
7 Day CHG~0.00%
Published-25 Aug, 2006 | 01:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted.

Action-Not Available
Vendor-fuji_xeroxn/aDell Inc.
Product-3100cndocuprint_181docuprint_211_network_option_carddocuprint_c1616docuprint_c525a_network_option_carddocuprint_c525adocuprint_c2535adocuprint_c8303110cnfuji_xerox_printing_systems_print_enginedocuprint_c830_network_option_carddocuprint_181_network_option_cardphaser_6201jdocuprint_c1616_network_option_card3000cndocuprint_2115100cn3010cn5110cnn/a
CVE-2020-5344
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-4.12% / 88.63%
||
7 Day CHG~0.00%
Published-31 Mar, 2020 | 21:30
Updated-17 Sep, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac8_firmwareidrac7idrac7_firmwareidrac9idrac8Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5328
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 60.16%
||
7 Day CHG~0.00%
Published-06 Mar, 2020 | 20:25
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-5386
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.88% / 75.38%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 20:55
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_elastic_cloud_storageElastic Cloud Storage
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-5368
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 70.24%
||
7 Day CHG~0.00%
Published-06 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 22:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_d560f_firmwarevxrail_d560fvxrail_d560vxrail_d560_firmwareVxRail
CWE ID-CWE-862
Missing Authorization
CVE-2020-5341
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-12.71% / 94.01%
||
7 Day CHG~0.00%
Published-28 Jul, 2021 | 00:05
Updated-16 Sep, 2024 | 22:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_avamar_serveremc_integrated_data_protection_appliance_firmwareAvamar Virtual Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-5349
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 58.16%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 21:30
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnerability and gain administrative privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerswitch_s4148t-onemc_powerswitch_s5232f-onemc_powerswitch_s5212f-onemc_powerswitch_s5224f-onemc_powerswitch_s4112t-onemc_powerswitch_s4148f-onemc_powerswitch_s4148u-onemc_powerswitch_s5248f-onemc_powerswitch_s4128f-onemc_powerswitch_s5296f-onemc_powerswitch_s4148fe-onemc_powerswitch_s4128t-onemc_powerswitch_s4112f-onNetworking
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-5327
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-5.04% / 89.78%
||
7 Day CHG~0.00%
Published-06 Mar, 2020 | 20:25
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

Action-Not Available
Vendor-Dell Inc.
Product-security_management_serverDell Encryption Enterprise
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-48007
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 66.33%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:00
Updated-13 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for Virtual Machines
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2017-14374
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 72.37%
||
7 Day CHG~0.00%
Published-06 Dec, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance).

Action-Not Available
Vendor-n/aDell Inc.
Product-storage_managerDell Storage Manager 2016 Dell Storage Manager versions earlier than 16.3.20
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-35168
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.14% / 34.93%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2024-47484
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.30% / 53.30%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 10:21
Updated-04 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-avamar_serveravamar_data_storeAvamar
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35169
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-0.21% / 43.39%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:26
Updated-16 Sep, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-20
Improper Input Validation
CVE-2020-35164
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.66% / 71.03%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-16 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-385
Covert Timing Channel
CVE-2020-35167
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-0.74% / 72.87%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-16 Sep, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-4997
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-3.91% / 88.31%
||
7 Day CHG~0.00%
Published-29 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_vasa_provider_virtual_applianceVASA Provider Virtual Appliance versions 8.3.x and prior
CWE ID-CWE-20
Improper Input Validation
CVE-2020-35166
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.1||MEDIUM
EPSS-0.48% / 65.24%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceBSAFE Crypto-C Micro EditionDell BSAFE Micro Edition Suite
CWE ID-CWE-385
Covert Timing Channel
CVE-2020-35163
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.72% / 72.52%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2020-29504
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.18% / 38.92%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 15:58
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-bsafe_micro-edition-suitebsafe_crypto-c-micro-editionBSAFE Crypto-C Micro EditionDell BSAFE Micro Edition Suite
CWE ID-CWE-295
Improper Certificate Validation
CVE-2001-1105
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.21%
||
7 Day CHG-0.03%
Published-15 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

Action-Not Available
Vendor-n/aCisco Systems, Inc.Dell Inc.
Product-bsafe_ssl-jicdnn/a
CVE-2019-3705
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-2.81% / 86.16%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 18:22
Updated-16 Sep, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow Vulnerability

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac7_firmwareidrac6_firmwareidrac8_firmwareiDRAC
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-29508
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.73% / 72.78%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Micro Edition Suite
CWE ID-CWE-331
Insufficient Entropy
CWE ID-CWE-20
Improper Input Validation
CVE-2020-29493
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-5.79% / 90.52%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29506
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-1.33% / 79.97%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-385
Covert Timing Channel
CVE-2020-29507
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.85% / 74.91%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-20
Improper Input Validation
CVE-2025-43995
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.23%
||
7 Day CHG~0.00%
Published-24 Oct, 2025 | 14:09
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Manager
CWE ID-CWE-287
Improper Authentication
CVE-2024-45764
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9||CRITICAL
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 16:08
Updated-13 Nov, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-enterprise_sonic_distributionEnterprise SONiC OSenterprise_sonic_os
CWE ID-CWE-304
Missing Critical Step in Authentication
CVE-2012-1844
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.26% / 84.63%
||
7 Day CHG~0.00%
Published-22 Mar, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.

Action-Not Available
Vendor-quantumn/aIBM CorporationDell Inc.
Product-ts3310_tape_librarypowervault_ml6000powervault_ml6000_firmwarescalar_i500powervault_ml6020scalar_i500_firmwarepowervault_ml6010ts3310_tape_library_firmwarepowervault_ml6030n/a
CVE-2024-39583
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.31% / 53.84%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 08:45
Updated-31 Dec, 2025 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-insightiqPowerScale InsightIQpowerscale_insightiq
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-39581
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.37% / 58.78%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 08:49
Updated-31 Dec, 2025 | 00:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-insightiqPowerScale InsightIQpowerscale_insightiq
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2011-5169
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 78.43%
||
7 Day CHG~0.00%
Published-15 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter.

Action-Not Available
Vendor-n/aDell Inc.
Product-sonicwall_viewpointn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-37131
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-4.41% / 89.03%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 14:35
Updated-20 May, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.

Action-Not Available
Vendor-Dell Inc.
Product-policy_manager_for_secure_connect_gatewaySecure Connect Gateway (SCG) Policy Managersecure_connect_gateway_policy_manager
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CVE-2024-37143
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-0.68% / 71.60%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 02:25
Updated-22 Jan, 2026 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-powerflex_managerpowerflex_rack_release_certification_matrixinsightiqdata_lakehousepowerflex_appliance_intelligent_catalogDell Data LakehouseDell PowerFlex rackDell PowerFlex applianceDell PowerFlex custom nodeDell InsightIQ
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-28980
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.71%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:20
Updated-04 Feb, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for Virtual Machines
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-25943
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-2.40% / 85.07%
||
7 Day CHG~0.00%
Published-29 Jun, 2024 | 12:52
Updated-03 Feb, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9Integrated Dell Remote Access Controller 9integrated_dell_remote_access_controller_9_firmware
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2024-22426
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.79% / 73.90%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 11:20
Updated-23 Jan, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for VMsrecoverpoint_for_virtual_machines
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22433
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.22% / 45.10%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 15:57
Updated-19 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.

Action-Not Available
Vendor-Dell Inc.
Product-data_protection_searchData Protection Search
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2025-43728
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-0.17% / 38.74%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 13:44
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

Action-Not Available
Vendor-Dell Inc.
Product-pro_max_16_pluspro_16_plus_pb16250latitude_5440pro_max_14latitude_3420latitude_5540wyse_5070_thin_clientlatitude_3440precision_3280latitude_3450optiplex_all-in-one_7410pro_14_pc14250optiplex_3000_tcoptiplex_5400_all-in-onewyse_5470_all-in-one_thin_clientoptiplex_all-in-one_7420thinospro_rugged_13_ra13250optiplex_micro_plus_7010pro_24_all-in-onewyse_5070_extended_thin_clientpro_tower_qct1250pro_rugged_14_rb14250pro_slim_low_sffoptiplex_7020pro_16_pc16250latitude_5450latitude_5530latitude_5550wyse_5470_mtclatitude_3330precision_3260_compactlatitude_5520ThinOS 10
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-36604
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-13.08% / 94.12%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:00
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36594
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.73%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:25
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain Feature ReleasePowerProtect Data Domain LTS2024PowerProtect Data Domain LTS 2023
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-44302
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-5.08% / 89.82%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 08:44
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_manager_dm5500_firmwarepowerprotect_data_manager_dm5500Dell PowerProtect Data Manager DM5500 Appliance
CWE ID-CWE-287
Improper Authentication
CVE-2023-44305
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-5.16% / 89.91%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 08:25
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.

Action-Not Available
Vendor-Dell Inc.
Product-dm5500_firmwaredm5500Dell PowerProtect Data Manager DM5500 Appliance
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-3758
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.62% / 70.03%
||
7 Day CHG~0.00%
Published-18 Sep, 2019 | 22:23
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-521
Weak Password Requirements
CVE-2023-39244
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.58% / 68.88%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 12:56
Updated-23 Jan, 2025 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.

Action-Not Available
Vendor-Dell Inc.
Product-enterprise_storage_integrator_for_sap_landscape_managementESI (Enterprise Storage Integrator) for SAP LAMAenterprise_storage_integrator_for_sap_lama
CWE ID-CWE-284
Improper Access Control
CVE-2022-31232
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-1.19% / 78.83%
||
7 Day CHG~0.00%
Published-30 Aug, 2022 | 20:25
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_storage_softwareSmart Fabric Storage Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-32493
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.43% / 62.48%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:52
Updated-08 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-693
Protection Mechanism Failure
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found