Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-21546

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-29 Jul, 2021 | 15:55
Updated At-16 Sep, 2024 | 23:56
Rejected At-
Credits

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:29 Jul, 2021 | 15:55
Updated At:16 Sep, 2024 | 23:56
Rejected At:
▼CVE Numbering Authority (CNA)

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.

Affected Products
Vendor
Dell Inc.Dell
Product
NetWorker
Versions
Affected
  • From unspecified before 19.3.0.4 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-532CWE-532: Information Exposure Through Log Files
Type: CWE
CWE ID: CWE-532
Description: CWE-532: Information Exposure Through Log Files
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability
x_refsource_MISC
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:29 Jul, 2021 | 16:15
Updated At:05 Aug, 2021 | 19:06

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Dell Inc.
dell
>>emc_networker>>Versions from 19.1.1.0(inclusive) to 19.3.0.4(exclusive)
cpe:2.3:a:dell:emc_networker:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_networker>>18.1.0.1
cpe:2.3:a:dell:emc_networker:18.1.0.1:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_networker>>18.1.0.2
cpe:2.3:a:dell:emc_networker:18.1.0.2:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_networker>>18.2.0.0
cpe:2.3:a:dell:emc_networker:18.2.0.0:*:*:*:*:*:*:*
Dell Inc.
dell
>>emc_networker>>19.4.0.0
cpe:2.3:a:dell:emc_networker:19.4.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-532Primarynvd@nist.gov
CWE-532Secondarysecurity_alert@emc.com
CWE ID: CWE-532
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-532
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerabilitysecurity_alert@emc.com
Patch
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability
Source: security_alert@emc.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

599Records found
CVE-2019-18576
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 30.84%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 20:30
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-xtremio_management_serverXtremIO
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-30105
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.02% / 6.05%
||
7 Day CHG+0.01%
Published-30 Jul, 2025 | 17:50
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-xtremio_management_serverxtremio_x2techadvisorXtremIO
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-26332
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.02% / 6.05%
||
7 Day CHG+0.01%
Published-30 Jul, 2025 | 17:55
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-xtremio_management_serverxtremio_x2techadvisorTechAdvisor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-45098
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 05:00
Updated-26 Mar, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-21601
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.35%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:05
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_data_protection_searchData Protection Search
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21597
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:05
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_5070_thin_clientwyse_thinoswyse_5470_thin_clientwyse_3040_thin_clientWyse ThinOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21561
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 20:00
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-28261
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.37%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 12:43
Updated-13 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-elastic_cloud_storageobjectscaleObjectScaleElastic Cloud Storage
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-36278
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.19% / 40.48%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-36340
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-23 May, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Application
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-36289
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Action-Not Available
Vendor-Dell Inc.
Product-vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX Control Station
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21558
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.06% / 18.78%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 18:05
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21598
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-3.9||LOW
EPSS-0.05% / 16.26%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:05
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_5070_thin_clientwyse_thinoswyse_5470_thin_clientwyse_3040_thin_clientWyse ThinOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-3763
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.05% / 14.98%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 19:17
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

Action-Not Available
Vendor-Dell Inc.
Product-rsa_identity_governance_and_lifecyclersa_via_lifecycle_and_governanceRSA Via Lifecycle and GovernanceRSA Identity Governance and Lifecycle
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-36573
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.12%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 15:18
Updated-13 Jan, 2026 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-pro_smart_dock_sd25_firmwarepro_thunderbolt_4_smart_dock_sd25tb4pro_thunderbolt_4_smart_dock_sd25tb4_firmwarepro_smart_dock_sd25Smart Dock
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-26199
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 14.43%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-25957
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 19.18%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 15:26
Updated-28 Jan, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-grabGrab for Windows
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-25959
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.9||HIGH
EPSS-0.08% / 24.19%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 17:49
Updated-09 Jan, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-43888
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.02% / 5.92%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 15:42
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-30483
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.54%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 14:30
Updated-02 Aug, 2025 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-elastic_cloud_storageobjectscaleECSObjectScale
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-3716
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.04%
||
7 Day CHG~0.00%
Published-13 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure Vulnerability

RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archer_grc_platformRSA Archer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-3715
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.20%
||
7 Day CHG~0.00%
Published-13 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure Vulnerability

RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archer_grc_platformRSA Archer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-32446
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 12:50
Updated-17 Oct, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_thinoswyse_5470_all-in-one_thin_clientoptiplex_3000_thin_clientoptiplex_5400wyse_5070_thin_clientlatitude_3420wyse_5470_mobile_thin_clientlatitude_5440latitude_3440wyse_3040_thin_clientWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-32447
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 12:55
Updated-17 Oct, 2024 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_thinoswyse_5470_all-in-one_thin_clientoptiplex_3000_thin_clientoptiplex_5400wyse_5070_thin_clientlatitude_3420wyse_5470_mobile_thin_clientlatitude_5440latitude_3440wyse_3040_thin_clientWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-32455
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 12:44
Updated-17 Oct, 2024 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_thinoswyse_5470_all-in-one_thin_clientoptiplex_3000_thin_clientoptiplex_5400wyse_5070_thin_clientlatitude_3420wyse_5470_mobile_thin_clientlatitude_5440latitude_3440wyse_3040_thin_clientWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-22573
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.9||HIGH
EPSS-0.06% / 18.62%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 13:10
Updated-26 Mar, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-22572
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 12:54
Updated-26 Mar, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-8001
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.08% / 23.85%
||
7 Day CHG~0.00%
Published-28 Nov, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.

Action-Not Available
Vendor-n/aDell Inc.Linux Kernel Organization, Inc
Product-emc_scaleiolinux_kernelEMC ScaleIO EMC ScaleIO 2.0.1.x
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-30103
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.60%
||
7 Day CHG+0.01%
Published-30 Jul, 2025 | 18:18
Updated-06 Aug, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2025-30099
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.43%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:47
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain Feature ReleasePowerProtect Data Domain LTS2024PowerProtect Data Domain LTS 2023
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-27689
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.28%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 20:36
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-idrac_toolsiDRAC Tools
CWE ID-CWE-284
Improper Access Control
CVE-2025-26331
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.40%
||
7 Day CHG+0.15%
Published-07 Mar, 2025 | 08:06
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_3420optiplex_3000_thin_clientlatitude_5440wyse_5470_all-in-one_thin_clientoptiplex_7420_all-in-onelatitude_5450latitude_3440optiplex_5400_all-in-oneoptiplex_7410_all-in-onewyse_5070_thin_clientthinoswyse_5470_mobile_thin_clientWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-26476
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.04% / 12.91%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 18:44
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-objectscaleelastic_cloud_storageObjectScaleECS
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-45099
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.22%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 05:03
Updated-26 Mar, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-261
Weak Encoding for Password
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-24377
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 02:16
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24379
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 02:09
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24378
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 02:12
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24386
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 02:19
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-48670
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 11.94%
||
7 Day CHG~0.00%
Published-22 Dec, 2023 | 15:57
Updated-25 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_home_pcsSupportAssist Client Consumer
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-53289
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.91%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:40
Updated-04 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-thinosWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-44283
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 07:49
Updated-17 Oct, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist for Home PCsSupportAssist for Business PCssupportassist_for_business_pcssupportassist_for_home_pcs
CWE ID-CWE-284
Improper Access Control
CVE-2025-23375
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.28%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 14:28
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-648
Incorrect Use of Privileged APIs
CVE-2023-44296
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.03% / 10.34%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 07:46
Updated-01 Nov, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.

Action-Not Available
Vendor-Dell Inc.
Product-e-lab_navigatorMobility - E-Lab Navigator
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-22399
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.9||HIGH
EPSS-0.06% / 17.16%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 16:24
Updated-06 Dec, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery

Action-Not Available
Vendor-Dell Inc.
Product-utility_configuration_collector_edgeUCC Edge
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-21503
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.64%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 21:44
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21537
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.77%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 17:40
Updated-16 Sep, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21536
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.77%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 17:40
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21531
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.14% / 34.84%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 21:10
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_applianceunisphere_for_powermaxsolutions_enabler_virtual_appliancepowermax_ossolutions_enablerUnisphere for PowerMax
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2021-21534
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4||MEDIUM
EPSS-0.05% / 16.05%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 17:40
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21551
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-66.91% / 98.56%
||
7 Day CHG-2.73%
Published-04 May, 2021 | 15:15
Updated-28 Oct, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-21||Apply updates per vendor instructions.

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Action-Not Available
Vendor-Dell Inc.
Product-xps_13_9370latitude_7210_2_in_1wyse_5470inspiron_7391_2-in-1precision_7540latitude_5280_mobile_thin_clientoptiplex_7460_all-in-onevostro_5300inspiron_3493inspiron_7386latitude_5310latitude_3301precision_3541vostro_14_5468xps_9530precision_3530inspiron_5348optiplex_5260_all-in-oneinspiron_3847inspiron_7786vostro_3480inspiron_3647inspiron_5770inspiron_5480latitude_e7270_mobile_thin_clientwyse_5070vostro_3501inspiron_14-5459inspiron_5300optiplex_7450_all-in-onelatitude_12_rugged_tablet_7212vostro_5880inspiron_3442optiplex_3080precision_t1700latitude_rugged_5424vostro_5391latitude_e6430_atglatitude_3300optiplex_3090_ultralatitude_5401latitude_7400_2in1vostro_3580chengming_3991latitude_5420inspiron_14-3452latitude_5500precision_t3610latitude_5410inspiron_one_2020vostro_1450latitude_5300inspiron_3168vostro_14_5471inspiron_660vostro_3591latitude_5280optiplex_390precision_7530inspiron_17_5767optiplex_5050inspiron_3580inspiron_7586latitude_5590latitude_3550latitude_3390optiplex_5040precision_3930_rackg7_7500cheng_ming_3967inspiron_7490latitude_7285latitude_e7270latitude_e7450optiplex_5480_aioprecision_5820_towerinspiron_17-5759precision_7740latitude_e6440inspiron_1545latitude_7389vostro_3900inspiron_3671latitude_3560inspiron_5402latitude_e7440alienware_m17xr4vostro_3491vostro_5502latitude_3490inspiron_5494vostro_3668latitude_5288inspiron_5323inspiron_3881inspiron_3490optiplex_3050_aioinspiron_15zprecision_m6600canvas_27vostro_7500latitude_e6330chengming_3988g7_7590inspiron_5521latitude_14_rugged_5414optiplex_5250_all-in-oneoptiplex_7480_aiovostro_5490vostro_5090latitude_3480inspiron_5485_2-in-1vostro_20_3055inspiron_7737latitude_7420vostro_3471precision_7920_towerinspiron_5408latitude_3570xps_8940inspiron_3581precision_5540latitude_e5570vostro_3660xps_15_9500latitude_12_rugged_extreme_7214vostro_5491latitude_5520vostro_3890precision_m4700xps_13_9300inspiron_3043xps_9550vostro_5410g5_5500inspiron_15_5566inspiron_14_7460inspiron_7300gaming_g3_3590latitude_3120inspiron_5400_2-in-1precision_t7500alienware_asm100precision_7710vostro_3401inspiron_7520alienware_17_51m_r2inspiron_3481vostro_3681precision_3620_towerinspiron_1210thunderbolt_dock_tb18dclatitude_xt3latitude_5550precision_7550alienware_m14xr2inspiron_2330latitude_14_rugged_extreme_7404thunderbolt_dock_tb16latitude_5289inspiron_5576xps_15_9575_2-in-1vostro_5480inspiron_3157inspiron_3471g5_5000inspiron_5590latitude_3189inspiron_11-3162alienware_m15_r4inspiron_3268inspiron_15_5567inspiron_5443latitude_14_rugged_extreme_7414xps_13_9310xps_13_9365_2-in-1g5_5090latitude_e5540optiplex_5060inspiron_3880optiplex_xe2inspiron_7501latitude_5290latitude_3400precision_3430_xlinspiron_7591_2-in-1precision_m4600xps_one_2710inspiron_5520inspiron_3593optiplex_3070latitude_e5440vostro_3500optiplex_3240_all-in-onelatitude_5175vostro_3470vostro_5481inspiron_3543latitude_e6320xps_13_9343inspiron_7472precision_17_m5750inspiron_14_gaming_7466latitude_3190_2-in-1latitude_e7250vostro_3888inspiron_15_7572inspiron_7500_2-in-1_blackvostro_230inspiron_7359inspiron_3668precision_t5610vostro_5501latitude_e5430precision_3550wyse_7040_thin_clientlatitude_7290optiplex_7071vostro_3400chengming_3977inspiron_5570optiplex_9010vostro_3901inspiron_3790inspiron_7368vostro_5581inspiron_13_5370latitude_3480_mobile_thin_clientlatitude_7390inspiron_7537optiplex_9030_aioinspiron_5491_2-in-1inspiron_7300_2-in-1vostro_3252vostro_5390latitude_rugged_extreme_7424g15_5510inspiron_1564optiplex_5055_a-serialprecision_3431_towerprecision_t7810vostro_3010vostro_3267latitude_e5420inspiron_5676inspiron_7558latitude_rugged_extreme_tablet_7220latitude_3190xps_17_9700inspiron_5584optiplex_7760_aiolatitude_e6540inspiron_7500optiplex_3046xps_7590dock_wd19precision_3520optiplex_7040precision_5510inspiron_7706_2-in-1latitude_5300_2-in-1precision_3440vostro_3583inspiron_5598precision_t5600optiplex_xe3inspiron_7791optiplex_fx130precision_t5500xps_13_9360inspiron_5548latitude_5285inspiron_5749vostro_13_5370precision_t3600latitude_5511vostro_15_3561g3_3500precision_3630_towervostro_5401alienware_14latitude_5285_2-in-1latitude_5480precision_3640vostro_2521inspiron_660slatitude_7310inspiron_5498latitude_5400inspiron_7580g5_5587inspiron_one_19precision_5530latitude_7490optiplex_7770_aioinspiron_5481_2-in-1inspiron_5482latitude_3410optiplex_9020xps_9350vostro_3800inspiron_5591_2-in-1latitude_e5270g3_3579latitude_e6230inspiron_3781inspiron_20-3052precision_7820_towervostro_15_7570vostro_20_3052inspiron_5583optiplex_7050precision_t7610latitude_3460_wyse_tclatitude_5250inspiron_7548vostro_3581latitude_9510latitude_rugged_5420optiplex_7090_ultralatitude_3590inspiron_3252precision_r5500inspiron_7591precision_3420_towerg7_7790embedded_box_pc_5000vostro_5591vostro_5590optiplex_5055_ryzen_cpuinspiron_15_gaming_7577inspiron_7790vostro_3481inspiron_24-3452precision_7720inspiron_24-3455inspiron_3646inspiron_3670inspiron_15_gaming_7567optiplex_7070_ultraprecision_7510inspiron_3780xps_15_9570vostro_3690inspiron_14_5468optiplex_5055_ryzen_apulatitude_e7470latitude_3150alienware_m18xr2precision_3240_cffinspiron_3584optiplex_7080vostro_270precision_t5810xps_15_9560optiplex_5055vostro_3584inspiron_1122inspiron_7306_2-in-1dock_wd15inspiron_7391optiplex_7020inspiron_5490_aiovostro_3905inspiron_5409inspiron_15-5559optiplex_5080inspiron_5401precision_5520precision_m6700inspiron_3520latitude_5490precision_3510precision_5530_2-in-1xps_8900xps_13_9310_2-in-1precision_t7910latitude_3500vostro_3490precision_7520optiplex_3020precision_3560inspiron_5423optiplex_3030_aiovostro_1550vostro_3671xps_12_9250inspiron_7590_2-in-1inspiron_7746latitude_12_7285inspiron_5448vostro_15_5568latitude_e5470optiplex_790precision_3540latitude_7275optiplex_7010latitude_3580precision_t3500inspiron_15_gaming_7566optiplex_990precision_3430_towerchengming_3980latitude_rugged_7424vostro_220slatitude_3470vostro_5301latitude_5310_2-in-1vostro_3070inspiron_5501latitude_5200xps_13_7390_2-in-1xps_27_7760latitude_3310_2-in-1inspiron_5491_aiolatitude_7480inspiron_5400_aioinspiron_5493inspiron_7437optiplex_fx170alienware_asm100r2latitude_7410xps_13_9380inspiron_15-3552inspiron_3443inspiron_5509latitude_5320precision_5820_xl_toweroptiplex_3040inspiron_3470latitude_7520inspiron_5406_2-in-1optiplexlatitude_3380g7_7700inspiron_3793inspiron_5301inspiron_3891vostro_3902inspiron_15-5565vostro_3900ginspiron_3437inspiron_5490inspiron_3583latitude_9410latitude_3340optiplex_7070inspiron_3542inspiron_620inspiron_5391latitude_e6220chengming_3990vostro_15_7580latitude_3350precision_5550inspiron_3421vostro_3560inspiron_7380latitude_5290_2-in-1latitude_7400precision_7730vostro_5890g3_3779latitude_7350inspiron_3048inspiron_3655inspiron_3501inspiron_5537latitude_3180latitude_7200_2-in-1vostro_3669vostro_3670vostro_3881inspiron_3480latitude_e5530wyse_5470_all-in-oneinspiron_5577precision_7820_xl_towerinspiron_580soptiplex_7060latitude_3450alienware_area_51latitude_5495latitude_5488inspiron_15_7560inspiron_3521optiplex_7440_aioinspiron_5390inspiron_3537inspiron_5594vostro_14-5459inspiron_7506_2-in-1latitude_3160inspiron_3656optiplex_3050latitude_5501inspiron_5508latitude_5580vostro_260xps_13_9305inspiron_7590xps_13_7390optiplex_3280_aioinspiron_24-5475latitude_7370precision_7920_xl_toweroptiplex_5070optiplex_5270_aiolatitude_5450latitude_5179optiplex_3011_aiolatitude_5510inspiron_7559latitude_7390_2-in-1optiplex_3010precision_7750vostro_7590precision_5720_aiovostro_14_3458inspiron_14_gaming_7467latitude_7280latitude_e6530vostro_3667optiplex_3060inspiron_7720latitude_3510vostro_270sinspiron_3147g5_5590latitude_3460inspiron_3590g7_7588latitude_3310latitude_rugged_extreme_tablet_7220exlatitude_7380vostro_14-3446vostro_3590inspiron_5737inspiron_5580inspiron_5593latitude_5411precision_3930_xl_racklatitude_3330latitude_e7240latitude_3440optiplex_780inspiron_5543chengming_3967inspiron_7700optiplex_7780_aiovostro_3268inspiron_7500_2-in-1_silverinspiron_7390latitude_5491inspiron_15_5582_2-in-1vostro_470vostro_5402inspiron_7400latitude_7300latitude_5591precision_3551xps_8700latitude_7320precision_t7600latitude_e7270_wyse_tcdbutilinspiron_5502latitude_e6430dbutildbutil Driver
CWE ID-CWE-782
Exposed IOCTL with Insufficient Access Control
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found