ByteOS Network

Type	CWE ID	Description
CWE	CWE-285	CWE-285: Improper Authorization

Version	Base score	Base severity	Vector
3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-vc/000203434/dsa-2022-264-cloud-mobility-for-dell-storage-security-update-for-an-insecure-database-vulnerability	N/A

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-vc/000203434/dsa-2022-264-cloud-mobility-for-dell-storage-security-update-for-an-insecure-database-vulnerability	x_transferred

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov
CWE-285	Secondary	security_alert@emc.com

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/en-vc/000203434/dsa-2022-264-cloud-mobility-for-dell-storage-security-update-for-an-insecure-database-vulnerability	security_alert@emc.com	Patch Vendor Advisory

CVE-2023-28052

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:02

Updated-08 Nov, 2024 | 16:10

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28028

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:56

Updated-08 Nov, 2024 | 14:07

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28035

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:34

Updated-08 Nov, 2024 | 16:32

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28050

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 10:25

Updated-07 Nov, 2024 | 21:09

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-34408

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.45%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:07

Updated-26 Feb, 2025 | 15:58

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-34417

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.45%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:50

Updated-26 Feb, 2025 | 15:32

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-34418

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.45%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:52

Updated-26 Feb, 2025 | 15:31

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2019-18577

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.10% / 28.94%

||

7 Day CHG~0.00%

Published-13 Mar, 2020 | 20:30

Updated-16 Sep, 2024 | 18:48

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.

Vendor-Dell Inc.

Product-xtremio_management_server XtremIO

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2019-18576

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.12% / 31.47%

||

7 Day CHG~0.00%

Published-13 Mar, 2020 | 20:30

Updated-16 Sep, 2024 | 17:58

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.

Vendor-Dell Inc.

Product-xtremio_management_server XtremIO

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2023-28060

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 10:17

Updated-07 Nov, 2024 | 21:26

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28054

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:06

Updated-08 Nov, 2024 | 15:13

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28058

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 10:30

Updated-07 Nov, 2024 | 21:07

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-32490

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 6.88%

||

7 Day CHG~0.00%

Published-16 Aug, 2023 | 13:40

Updated-08 Oct, 2024 | 19:05

Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-269

Improper Privilege Management

CVE-2023-32494

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 6.88%

||

7 Day CHG~0.00%

Published-16 Aug, 2023 | 12:56

Updated-08 Oct, 2024 | 19:13

Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-274

Improper Handling of Insufficient Privileges

CVE-2023-32469

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.26%

||

7 Day CHG~0.00%

Published-16 Nov, 2023 | 08:14

Updated-02 Aug, 2024 | 15:18

Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.

Vendor-Dell Inc.

Product-precision_5820_firmware precision_7820 precision_7920_firmware precision_7820_firmware precision_7920 precision_5820 Dell Precision 5820 Tower, Dell Precision 7820 Tower, Dell Precision 7920 Tower

CWE ID-CWE-20

Improper Input Validation

CVE-2023-32461

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5||MEDIUM

EPSS-0.07% / 20.54%

||

7 Day CHG~0.00%

Published-15 Sep, 2023 | 06:56

Updated-25 Sep, 2024 | 14:12

Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.

Vendor-Dell Inc.

CWE ID-CWE-122

Heap-based Buffer Overflow

CVE-2023-32489

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.52%

||

7 Day CHG~0.00%

Published-16 Aug, 2023 | 13:36

Updated-08 Oct, 2024 | 19:06

Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-280

Improper Handling of Insufficient Permissions or Privileges

CVE-2024-52537

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.01% / 2.09%

||

7 Day CHG~0.00%

Published-11 Dec, 2024 | 07:26

Updated-04 Feb, 2025 | 16:13

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Vendor-Dell Inc.Linux Kernel Organization, Inc Microsoft Corporation

Product-windows dock_wd19_firmware_update_utility linux_kernel dock_wd22tb4_firmware_update_utility dock_hd22q_firmware_update_utility Dell Client Platform BIOS

CWE ID-CWE-61

UNIX Symbolic Link (Symlink) Following

CWE ID-CWE-59

Improper Link Resolution Before File Access ('Link Following')

CVE-2024-48015

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.02% / 3.10%

||

7 Day CHG+0.01%

Published-17 Mar, 2025 | 17:16

Updated-14 Jul, 2025 | 20:30

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Vendor-Dell Inc.

Product-smartfabric_os10 SmartFabric OS10 Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-47238

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 7.07%

||

7 Day CHG-0.00%

Published-12 Dec, 2024 | 17:38

Updated-04 Feb, 2025 | 15:52

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Vendor-Dell Inc.

Product-edge_gateway_3000 embedded_box_pc_3000_firmware edge_gateway_3003 edge_gateway_5100_firmware edge_gateway_5100 embedded_box_pc_3000 edge_gateway_3002_firmware edge_gateway_3003_firmware edge_gateway_3002 edge_gateway_3001_firmware edge_gateway_3200_firmware edge_gateway_3001 edge_gateway_3000_firmware edge_gateway_5000_firmware edge_gateway_3200 edge_gateway_5000 Dell Client Platform BIOS

CWE ID-CWE-20

Improper Input Validation

CVE-2022-22550

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 8.86%

||

7 Day CHG~0.00%

Published-12 Apr, 2022 | 17:50

Updated-17 Sep, 2024 | 00:26

Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-549

Missing Password Field Masking

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2018-1185

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-1.52% / 80.50%

||

7 Day CHG~0.00%

Published-03 Feb, 2018 | 01:00

Updated-05 Aug, 2024 | 03:51

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

Vendor-n/a Dell Inc.

Product-emc_recoverpoint emc_recoverpoint_for_virtual_machines EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-43589

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.06% / 18.72%

||

7 Day CHG~0.00%

Published-24 Jan, 2022 | 20:10

Updated-17 Sep, 2024 | 00:21

Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

Vendor-Dell Inc.

Product-emc_unity_operating_environment emc_unityvsa_operating_environment emc_unity_xt_operating_environment Unity

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-36318

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 18.87%

||

7 Day CHG~0.00%

Published-21 Dec, 2021 | 17:05

Updated-17 Sep, 2024 | 02:10

Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.

Vendor-Dell Inc.

Product-emc_avamar_server Avamar

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2021-36290

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.11% / 30.42%

||

7 Day CHG~0.00%

Published-08 Apr, 2022 | 19:50

Updated-16 Sep, 2024 | 16:53

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.

Vendor-Dell Inc.

Product-vnxe1600 vnx5600 vnx5400 vnx5800 vnx_vg10 emc_unity_operating_environment vnx5200 vnx_vg50 vnx7600 vnx8000 VNX2

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CWE ID-CWE-269

Improper Privilege Management

CVE-2021-36342

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.91%

||

7 Day CHG~0.00%

Published-24 Jan, 2022 | 20:10

Updated-16 Sep, 2024 | 18:34

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

CVE-2024-53292

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.02% / 4.05%

||

7 Day CHG~0.00%

Published-11 Dec, 2024 | 07:55

Updated-04 Feb, 2025 | 16:16

Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.

Vendor-Dell Inc.

Product-vxrail_hyperconverged_infrastructure Dell VxRail HCI

CWE ID-CWE-256

Plaintext Storage of a Password

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2020-5363

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.6||HIGH

EPSS-0.05% / 14.44%

||

7 Day CHG~0.00%

Published-10 Jun, 2020 | 20:40

Updated-16 Sep, 2024 | 20:53

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

CWE ID-CWE-158

Improper Neutralization of Null Byte or NUL Character

CVE-2020-29501

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.03% / 6.63%

||

7 Day CHG~0.00%

Published-05 Jan, 2021 | 21:40

Updated-16 Sep, 2024 | 16:43

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Vendor-Dell Inc.

Product-emc_powerstore emc_powerstore_firmware PowerStore

CWE ID-CWE-312

Cleartext Storage of Sensitive Information

CVE-2022-34406

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.45%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:00

Updated-26 Feb, 2025 | 18:58

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-23696

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7||HIGH

EPSS-0.08% / 24.10%

||

7 Day CHG~0.00%

Published-07 Feb, 2023 | 09:49

Updated-25 Mar, 2025 | 15:29

Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system.

Vendor-Dell Inc.

Product-command_\|_intel_vpro_out_of_band Dell Command Intel vPro Out of Band (DCIV)

CWE ID-CWE-285

Improper Authorization

CWE ID-CWE-863

Incorrect Authorization

CVE-2022-34405

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.07% / 21.35%

||

7 Day CHG~0.00%

Published-25 Jan, 2023 | 16:15

Updated-28 Mar, 2025 | 14:53

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

CWE ID-CWE-285

Improper Authorization

CVE-2021-36311

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.04% / 9.64%

||

7 Day CHG~0.00%

Published-23 Nov, 2021 | 20:00

Updated-16 Sep, 2024 | 22:09

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.

Vendor-Dell Inc.

Product-emc_networker NetWorker

CWE ID-CWE-285

Improper Authorization

CVE-2022-46752

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-4.6||MEDIUM

EPSS-0.09% / 27.11%

||

7 Day CHG~0.00%

Published-08 Mar, 2023 | 16:51

Updated-28 Feb, 2025 | 18:32

Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.

Vendor-Dell Inc.

CWE ID-CWE-285

Improper Authorization

CVE-2021-21511

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-8.1||HIGH

EPSS-0.15% / 36.46%

||

7 Day CHG~0.00%

Published-15 Feb, 2021 | 22:10

Updated-16 Sep, 2024 | 19:20

Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.

Vendor-Dell Inc.

Product-emc_integrated_data_protection_appliance emc_avamar_server Avamar

CWE ID-CWE-285

Improper Authorization

CVE-2019-3764

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-5||MEDIUM

EPSS-0.19% / 40.64%

||

7 Day CHG~0.00%

Published-07 Nov, 2019 | 18:05

Updated-17 Sep, 2024 | 04:04

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.

Vendor-Dell Inc.

Product-idrac9_firmware idrac7_firmware idrac8_firmware Integrated Dell Remote Access Controller (iDRAC)

CWE ID-CWE-285

Improper Authorization

CVE-2022-26857

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-9||CRITICAL

EPSS-0.25% / 48.07%

||

7 Day CHG~0.00%

Published-26 May, 2022 | 15:20

Updated-17 Sep, 2024 | 02:41

Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.

Vendor-Dell Inc.

Product-openmanage_enterprise OpenManage Enterprise

CWE ID-CWE-285

Improper Authorization

CVE-2020-5362

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.1||HIGH

EPSS-0.05% / 15.53%

||

7 Day CHG~0.00%

Published-10 Jun, 2020 | 20:40

Updated-17 Sep, 2024 | 02:41

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Vendor-Dell Inc.

CWE ID-CWE-285

Improper Authorization

CWE ID-CWE-862

Missing Authorization

CVE-2020-5356

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.7||HIGH

EPSS-0.17% / 39.09%

||

7 Day CHG~0.00%

Published-06 Jul, 2020 | 17:45

Updated-16 Sep, 2024 | 19:36

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.

Vendor-Dell Inc.

Product-powerprotect_x400 powerprotect_x400_firmware powerprotect_data_manager Power Protect Data Manager

CWE ID-CWE-285

Improper Authorization

CWE ID-CWE-552

Files or Directories Accessible to External Parties

CVE-2020-26183

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-6.8||MEDIUM

EPSS-0.13% / 33.01%

||

7 Day CHG~0.00%

Published-16 Oct, 2020 | 18:10

Updated-16 Sep, 2024 | 17:38

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner.

Vendor-Dell Inc.

Product-emc_networker NetWorker

CWE ID-CWE-285

Improper Authorization

CWE ID-CWE-552

Files or Directories Accessible to External Parties

CVE-2023-28055

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.07% / 23.02%

||

7 Day CHG~0.00%

Published-26 Sep, 2023 | 13:35

Updated-24 Sep, 2024 | 13:20

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.

Vendor-Dell Inc.

Product-networker NetWorker

CWE ID-CWE-285

Improper Authorization

CVE-2023-32482

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-4.9||MEDIUM

EPSS-0.08% / 23.63%

||

7 Day CHG~0.00%

Published-20 Jul, 2023 | 11:31

Updated-17 Oct, 2024 | 14:11

Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.

Vendor-Dell Inc.

Product-wyse_management_suite Wyse Management Suite

CWE ID-CWE-285

Improper Authorization

CWE ID-CWE-863

Incorrect Authorization

CVE-2024-25949

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-1.73% / 81.68%

||

7 Day CHG~0.00%

Published-12 Jun, 2024 | 12:58

Updated-14 Aug, 2024 | 13:27

Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges.

Vendor-Dell Inc.

Product-networking_os10 SmartFabric OS10 Software smartfabric_os10

CWE ID-CWE-285

Improper Authorization

CVE-2021-36276

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.04% / 11.39%

||

7 Day CHG~0.00%

Published-09 Aug, 2021 | 21:05

Updated-17 Sep, 2024 | 02:42

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Vendor-Dell Inc.

Product-dbutildrv2.sys_firmware dbutil

CWE ID-CWE-285

Improper Authorization

CVE-2024-24900

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-5.8||MEDIUM

EPSS-0.11% / 30.18%

||

7 Day CHG~0.00%

Published-01 Mar, 2024 | 13:00

Updated-20 May, 2025 | 18:54

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.

Vendor-Dell Inc.

Product-policy_manager_for_secure_connect_gateway Secure Connect Gateway (SCG) Policy Manager secure_connect_gateway_policy_manager

CWE ID-CWE-285

Improper Authorization

CVE-2022-34446

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.05% / 14.32%

||

7 Day CHG~0.00%

Published-10 Feb, 2023 | 20:44

Updated-26 Mar, 2025 | 15:14

PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.

Vendor-Dell Inc.

Product-powerpath_management_appliance PowerPath Management Appliance

CWE ID-CWE-285

Improper Authorization

CVE-2020-5333

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-4.3||MEDIUM

EPSS-0.11% / 30.24%

||

7 Day CHG~0.00%

Published-04 May, 2020 | 18:50

Updated-16 Sep, 2024 | 16:43

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information.

Vendor-Dell Inc.RSA Security LLC

Product-archer RSA Archer

CWE ID-CWE-285

Improper Authorization

CWE ID-CWE-863

Incorrect Authorization

CVE-2020-5318

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.31% / 53.63%

||

7 Day CHG~0.00%

Published-06 Feb, 2020 | 17:45

Updated-16 Sep, 2024 | 20:32

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.

Vendor-Dell Inc.

Product-emc_isilon_onefs Isilon OneFS

CWE ID-CWE-285

Improper Authorization

CWE ID-CWE-863

Incorrect Authorization

CVE-2023-28378

Matching Score-4

Assigner-Intel Corporation

View Details

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 11.72%

||

7 Day CHG~0.00%

Published-14 Nov, 2023 | 19:05

Updated-02 Aug, 2024 | 12:38

Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Vendor-n/a Microsoft Corporation Intel Corporation

Product-windows quickassist_technology_library quickassist_technology_firmware quickassist_technology Intel(R) QAT drivers for Windows - HW Version 2.0

CWE ID-CWE-285

Improper Authorization

CVE-2023-38135

Matching Score-4

Assigner-Intel Corporation

View Details

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 16.67%

||

7 Day CHG~0.00%

Published-14 Feb, 2024 | 13:38

Updated-25 Oct, 2024 | 19:41

Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enable escalation of privilege via local access.

Vendor-n/a Intel Corporation

Product-performance_maximizer Intel(R) PM software pm_software

CWE ID-CWE-285

Improper Authorization

CVE-2022-34434

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs