Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-21530

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-30 Apr, 2021 | 21:10
Updated At-16 Sep, 2024 | 20:42
Rejected At-
Credits

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:30 Apr, 2021 | 21:10
Updated At:16 Sep, 2024 | 20:42
Rejected At:
▼CVE Numbering Authority (CNA)

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege.

Affected Products
Vendor
Dell Inc.Dell
Product
OpenManage Enterprise
Versions
Affected
  • From unspecified before 1.30.00 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.18.3HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Version: 3.1
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/000185205
x_refsource_MISC
Hyperlink: https://www.dell.com/support/kbdoc/000185205
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/000185205
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/000185205
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:30 Apr, 2021 | 21:15
Updated At:10 May, 2021 | 19:30

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.3HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Dell Inc.
dell
>>openmanage_enterprise-modular>>Versions before 1.30.00(exclusive)
cpe:2.3:a:dell:openmanage_enterprise-modular:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondarysecurity_alert@emc.com
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/000185205security_alert@emc.com
Patch
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/000185205
Source: security_alert@emc.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1366Records found
CVE-2021-36316
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.23% / 45.02%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI.

Action-Not Available
Vendor-Dell Inc.
Product-emc_avamar_serverAvamar
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-29987
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.94%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 15:18
Updated-22 Jan, 2026 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_domaindata_domain_operating_systempowerprotect_dm5500_firmwarepowerprotect_dm5500DD OS 7.10DD OS 7.13PowerProtect DP Series Appliance (IDPA)DD OS 8.3
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CVE-2022-34456
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-2.22% / 84.16%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 05:11
Updated-03 Apr, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.

Action-Not Available
Vendor-Dell Inc.
Product-emc_metro_nodeMetro node
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-26477
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.58% / 68.29%
||
7 Day CHG+0.34%
Published-17 Apr, 2025 | 11:45
Updated-01 Aug, 2025 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-elastic_cloud_storageobjectscaleECS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-52538
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.13% / 32.18%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 10:16
Updated-04 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-avamar_serveravamar_data_storeAvamar
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-45097
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.36% / 57.41%
||
7 Day CHG-0.01%
Published-01 Feb, 2023 | 04:50
Updated-27 Mar, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-842
Placement of User into Incorrect Group
CVE-2024-7922
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-16.66% / 94.76%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 15:00
Updated-20 Aug, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DNS-1550-04 myMusic.cgi cgi_write_playlist command injection

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_audio_search/cgi_create_playlist/cgi_get_album_all_tracks/cgi_get_alltracks_editlist/cgi_get_artist_all_album/cgi_get_genre_all_tracks/cgi_get_tracks_list/cgi_set_airplay_content/cgi_write_playlist of the file /cgi-bin/myMusic.cgi. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Action-Not Available
Vendor-D-Link CorporationDell Inc.
Product-dns-340ldnr-202ldns-320lw_firmwaredns-327ldns-1200-05dns-321_firmwaredns-325dns-120dns-343dns-320l_firmwaredns-320dnr-326dns-726-4dns-120_firmwaredns-326_firmwaredns-315ldnr-322ldns-326dns-1200-05_firmwaredns-1100-4_firmwarednr-326_firmwaredns-343_firmwaredns-345_firmwarednr-202l_firmwaredns-1550-04dns-323_firmwaredns-320_firmwaredns-320lwdns-315l_firmwaredns-320ldns-323dns-1100-4dnr-322l_firmwaredns-325_firmwaredns-345dns-1550-04_firmwaredns-726-4_firmwaredns-340l_firmwaredns-321dns-327l_firmwareDNS-326DNR-326DNS-327LDNS-120DNR-202LDNS-321DNS-323DNS-340LDNS-320LWDNR-322LDNS-320LDNS-345DNS-1550-04DNS-1200-05DNS-325DNS-343DNS-315LDNS-726-4DNS-320DNS-1100-4dns-343_firmwarednr-202l_firmwaredns-320lw_firmwaredns-323_firmwaredns-320_firmwaredns-315l_firmwaredns-321_firmwaredns-320l_firmwarednr-322l_firmwaredns-325_firmwaredns-120_firmwaredns-326_firmwaredns-1550-04_firmwaredns-726-4_firmwaredns-1200-05_firmwaredns-340l_firmwaredns-1100-4_firmwarednr-326_firmwaredns-345_firmwaredns-327l_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-49559
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.23%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 17:29
Updated-30 Apr, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-1393
Use of Default Password
CVE-2022-34375
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.64%
||
7 Day CHG~0.00%
Published-30 Aug, 2022 | 20:25
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34426
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-4.40% / 88.75%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:40
Updated-16 May, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34446
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.34%
||
7 Day CHG+0.09%
Published-10 Feb, 2023 | 20:44
Updated-26 Mar, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-285
Improper Authorization
CVE-2022-33928
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.10% / 27.05%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 16:31
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-26857
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9||CRITICAL
EPSS-0.25% / 47.92%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterpriseOpenManage Enterprise
CWE ID-CWE-285
Improper Authorization
CVE-2022-24428
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.32% / 54.56%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2015-7274
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-2.30% / 84.41%
||
7 Day CHG~0.00%
Published-10 Apr, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.

Action-Not Available
Vendor-n/aDell Inc.
Product-integrated_remote_access_controller_6integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC)
CVE-2018-1184
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.25% / 47.73%
||
7 Day CHG~0.00%
Published-03 Feb, 2018 | 01:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_recoverpointemc_recoverpoint_for_virtual_machinesEMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-43589
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.06% / 18.53%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 20:10
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-11077
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.37% / 58.14%
||
7 Day CHG~0.00%
Published-26 Nov, 2018 | 20:00
Updated-17 Sep, 2024 | 03:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamarvsphere_data_protectionIntegrated Data Protection ApplianceAvamar
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-26193
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.87%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-22277
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 08:27
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-UnityVSA
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-21418
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 08:38
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-Unity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36313
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-1.04% / 77.02%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 20:00
Updated-16 Sep, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36293
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 22.36%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36287
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-2.11% / 83.77%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36296
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.94% / 75.84%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-16 Sep, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system.

Action-Not Available
Vendor-Dell Inc.
Product-vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX Control Station
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36295
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.94% / 75.84%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system.

Action-Not Available
Vendor-Dell Inc.
Product-vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX Control Station
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49565
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.34%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 01:28
Updated-08 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49563
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.34%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 01:35
Updated-08 Jul, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-48008
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.41%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 13:30
Updated-04 Feb, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. An Low privileged remote attacker could potentially exploit this vulnerability leading to information disclosure ,allowing of unintended actions like reading files that may contain sensitive information

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for Virtual Machines
CWE ID-CWE-11
ASP.NET Misconfiguration: Creating Debug Binary
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21585
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-1.37% / 79.91%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterpriseDell OpenManage Enterprise
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21570
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.44% / 62.56%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21503
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.75%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 21:44
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21527
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.05% / 16.80%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21569
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.51% / 66.04%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21599
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.22% / 44.24%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21550
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.05% / 16.80%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21526
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.03% / 7.24%
||
7 Day CHG~0.00%
Published-20 Apr, 2021 | 16:45
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5350
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.9||HIGH
EPSS-3.68% / 87.64%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 18:00
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceIntegrated Data Protection Appliance
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5322
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-2.65% / 85.44%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 21:30
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_enterprise-modularDell OpenManage Enterprise Modular
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5332
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-2.06% / 83.56%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-16 Sep, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-29499
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.16% / 37.07%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 21:30
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment . A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstorePowerStore
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-29495
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-15.49% / 94.49%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22426
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-1.13% / 77.95%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 11:20
Updated-23 Jan, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for VMsrecoverpoint_for_virtual_machines
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22222
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.82%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 19:04
Updated-01 Aug, 2024 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22225
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.10%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:51
Updated-07 May, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22224
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.20%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:48
Updated-07 May, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22227
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.25%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:37
Updated-07 May, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22445
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.19% / 40.35%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 07:40
Updated-22 Aug, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Managerpowerprotect_data_manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22223
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.18% / 38.87%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 19:07
Updated-07 May, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22228
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.25%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:40
Updated-07 May, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 27
  • 28
  • Next
Details not found