Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-28077

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-10 Feb, 2024 | 03:11
Updated At-02 Aug, 2024 | 12:30
Rejected At-
Credits

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:10 Feb, 2024 | 03:11
Updated At:02 Aug, 2024 | 12:30
Rejected At:
▼CVE Numbering Authority (CNA)

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.

Affected Products
Vendor
Dell Inc.Dell
Product
Dell BSAFE SSL-J
Default Status
unaffected
Versions
Affected
  • From 6.0.x through 6.5 (semver)
  • From 7.0 through 7.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1295CWE-1295: Debug Messages Revealing Unnecessary Information
Type: CWE
CWE ID: CWE-1295
Description: CWE-1295: Debug Messages Revealing Unnecessary Information
Metrics
VersionBase scoreBase severityVector
3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update
vendor-advisory
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:10 Feb, 2024 | 03:15
Updated At:15 Feb, 2024 | 18:40

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Secondary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Dell Inc.
dell
>>bsafe_ssl-j>>Versions from 6.0(inclusive) to 6.5.1(exclusive)
cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>bsafe_ssl-j>>Versions from 7.0(inclusive) to 7.1.1(exclusive)
cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE-1295Secondarysecurity_alert@emc.com
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-1295
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-updatesecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

84Records found
CVE-2022-34364
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 10.41%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 19:13
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. .

Action-Not Available
Vendor-Dell Inc.
Product-bsafe_ssl-jBSAFE SSL-J
CWE ID-CWE-1295
Debug Messages Revealing Unnecessary Information
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-23158
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.06% / 19.84%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 20:00
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server

Action-Not Available
Vendor-Dell Inc.
Product-wyse_device_agentDell Wyse Device Agent
CWE ID-CWE-183
Permissive List of Allowed Inputs
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-23157
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 16.11%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 20:00
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_device_agentDell Wyse Device Agent
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-36285
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.05% / 14.46%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_9520latitude_7320_firmwarelatitude_7280_firmwarelatitude_9410latitude_5310_2-in-1precision_3551latitude_7212_rugged_extreme_tablet_firmwarelatitude_7212_rugged_extreme_tabletlatitude_7420latitude_7480precision_3640_tower_firmwarelatitude_5500_firmwarelatitude_5511_firmwareoptiplex_3280_aio_firmwarelatitude_5310_2-in-1_firmwarelatitude_5520latitude_5411_firmwarelatitude_5500optiplex_3080_firmwarelatitude_7370latitude_7370_firmwareoptiplex_7480_aiolatitude_7420_firmwarelatitude_5400_firmwarelatitude_7480_firmwarelatitude_5320_firmwarelatitude_5511optiplex_3080latitude_9510precision_3551_ffirmwareoptiplex_7480_aio_firmwarelatitude_5320latitude_9410_firmwarelatitude_9520_firmwarelatitude_9510_firmwareoptiplex_3280_aiolatitude_5411latitude_5520_firmwareprecision_3640_towerlatitude_7280latitude_7320latitude_5400CPG BIOS
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-36284
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.05% / 14.46%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_9520latitude_7320_firmwarelatitude_7280_firmwarelatitude_9410latitude_5310_2-in-1precision_3551latitude_7212_rugged_extreme_tablet_firmwarelatitude_7212_rugged_extreme_tabletlatitude_7420latitude_7480precision_3640_tower_firmwarelatitude_5500_firmwarelatitude_5511_firmwareoptiplex_3280_aio_firmwarelatitude_5310_2-in-1_firmwarelatitude_5520latitude_5411_firmwarelatitude_5500optiplex_3080_firmwarelatitude_7370latitude_7370_firmwareoptiplex_7480_aiolatitude_7420_firmwarelatitude_5400_firmwarelatitude_7480_firmwarelatitude_5320_firmwarelatitude_5511optiplex_3080latitude_9510precision_3551_ffirmwareoptiplex_7480_aio_firmwarelatitude_5320latitude_9410_firmwarelatitude_9520_firmwarelatitude_9510_firmwareoptiplex_3280_aiolatitude_5411latitude_5520_firmwareprecision_3640_towerlatitude_7280latitude_7320latitude_5400CPG BIOS
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2025-23376
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-2.3||LOW
EPSS-0.03% / 5.08%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 14:34
Updated-13 May, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager Reporting
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-21522
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 12.09%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5290_2-in-1latitude_7210_2-in-1_firmwarelatitude_7280_firmwarelatitude_9410xps_13_9360latitude_5310_2-in-1latitude_7290xps_13_9360_firmwarelatitude_7389latitude_7212_rugged_extreme_tablet_firmwarelatitude_7212_rugged_extreme_tabletlatitude_7490_firmwarelatitude_7420latitude_7480precision_3640_tower_firmwarelatitude_7390_firmwarelatitude_5285_2-in-1precision_5520latitude_5310_2-in-1_firmwarelatitude_7380_firmwarelatitude_7370latitude_7370_firmwarexps_13_9370latitude_7390_2-in-1_firmwareprecision_5510_firmwarelatitude_7285latitude_7390latitude_5289_2-in-1latitude_7420_firmwarelatitude_7480_firmwarelatitude_7290_firmwarelatitude_5289_2-in-1_firmwarelatitude_7210_2-in-1latitude_7310_firmwarelatitude_7390_2-in-1precision_5530_2-in-1precision_5530_2-in-1_firmwarelatitude_5285_2-in-1_firmwarexps_15_9575_2-in-1_firmwarelatitude_9510latitude_5290_2-in-1_firmwareprecision_5510latitude_7380latitude_7490latitude_7389_firmwarelatitude_9410_firmwarelatitude_7410precision_5520_firmwarelatitude_9510_firmwarelatitude_7310xps_15_9575_2-in-1precision_3640_towerlatitude_7285_firmwarexps_13_9370_firmwarelatitude_7280latitude_7410_firmwareCPG BIOS
CWE ID-CWE-255
Not Available
CVE-2021-21558
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.06% / 18.86%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 18:05
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-21102
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.02% / 2.83%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 11:25
Updated-24 Jan, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_s670vxrail_e665_firmwarevxrail_p670n_firmwarevxrail_e665fvxrail_p675nvxrail_p570_vcfvxrail_p580nvxrail_g560_vcfvxrail_v570_firmwarevxrail_e560f_vcfvxrail_p580n_vcfvxrail_v570_vcf_firmwarevxrail_vd-4520c_firmwarevxrail_vd-4000zvxrail_e665f_firmwarevxrail_p570vxrail_p670nvxrail_e560fvxrail_v670fvxrail_d560f_firmwarevxrail_vd-4520cvxrail_e665vxrail_e660nvxrail_e560_vcf_firmwarevxrail_e660f_firmwarevxrail_p570f_firmwarevxrail_p580n_firmwarevxrail_e560nvxrail_v570_vcfvxrail_e660n_firmwarevxrail_p570_firmwarevxrail_e560f_firmwarevxrail_vd-4510cvxrail_g560vxrail_e560n_firmwarevxrail_e665nvxrail_p570_vcf_firmwarevxrail_p675f_firmwarevxrail_e560n_vcfvxrail_e660_firmwarevxrail_e560f_vcf_firmwarevxrail_vd-4000wvxrail_g560_vcf_firmwarevxrail_g560fvxrail_v470vxrail_e460_firmwarevxrail_s570_vcfvxrail_p570f_vcf_firmwarevxrail_p670f_firmwarevxrail_e460vxrail_e660vxrail_e560_vcfvxrail_s670_firmwarevxrail_p670fvxrail_p470_firmwarevxrail_d560vxrail_d560fvxrail_v570vxrail_vd-4510c_firmwarevxrail_e560_firmwarevxrail_s570_vcf_firmwarevxrail_g560_firmwarevxrail_s470vxrail_v470_firmwarevxrail_p570fvxrail_e665n_firmwarevxrail_g560f_firmwarevxrail_v670f_firmwarevxrail_p675n_firmwarevxrail_vd-4000rvxrail_d560_firmwarevxrail_s570vxrail_s470_firmwarevxrail_s570_firmwarevxrail_e660fvxrail_vd-4000r_firmwarevxrail_e560vxrail_vd-4000z_firmwarevxrail_e560n_vcf_firmwarevxrail_p570f_vcfvxrail_vd-4000w_firmwarevxrail_p675fvxrail_p580n_vcf_firmwarevxrail_p470Dell VxRail HCI
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-21111
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.02% / 2.38%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 17:38
Updated-24 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_s670vxrail_e665_firmwarevxrail_p670n_firmwarevxrail_e665fvxrail_p675nvxrail_p570_vcfvxrail_p580nvxrail_g560_vcfvxrail_v570_firmwarevxrail_e560f_vcfvxrail_p580n_vcfvxrail_v570_vcf_firmwarevxrail_vd-4520c_firmwarevxrail_vd-4000zvxrail_e665f_firmwarevxrail_p570vxrail_p670nvxrail_e560fvxrail_v670fvxrail_d560f_firmwarevxrail_vd-4520cvxrail_e665vxrail_e660nvxrail_e560_vcf_firmwarevxrail_e660f_firmwarevxrail_p570f_firmwarevxrail_p580n_firmwarevxrail_e560nvxrail_v570_vcfvxrail_e660n_firmwarevxrail_p570_firmwarevxrail_e560f_firmwarevxrail_vd-4510cvxrail_g560vxrail_e560n_firmwarevxrail_e665nvxrail_p570_vcf_firmwarevxrail_p675f_firmwarevxrail_e560n_vcfvxrail_e660_firmwarevxrail_e560f_vcf_firmwarevxrail_vd-4000wvxrail_g560_vcf_firmwarevxrail_g560fvxrail_v470vxrail_e460_firmwarevxrail_s570_vcfvxrail_p570f_vcf_firmwarevxrail_p670f_firmwarevxrail_e460vxrail_e660vxrail_e560_vcfvxrail_s670_firmwarevxrail_p670fvxrail_p470_firmwarevxrail_d560vxrail_d560fvxrail_v570vxrail_vd-4510c_firmwarevxrail_e560_firmwarevxrail_s570_vcf_firmwarevxrail_g560_firmwarevxrail_s470vxrail_v470_firmwarevxrail_p570fvxrail_e665n_firmwarevxrail_g560f_firmwarevxrail_v670f_firmwarevxrail_p675n_firmwarevxrail_vd-4000rvxrail_d560_firmwarevxrail_s570vxrail_s470_firmwarevxrail_s570_firmwarevxrail_e660fvxrail_vd-4000r_firmwarevxrail_e560vxrail_vd-4000z_firmwarevxrail_e560n_vcf_firmwarevxrail_p570f_vcfvxrail_vd-4000w_firmwarevxrail_p675fvxrail_p580n_vcf_firmwarevxrail_p470Dell VxRail HCI
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-32483
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.12%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 11:49
Updated-17 Oct, 2024 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-34445
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.03% / 5.12%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:41
Updated-26 Mar, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-261
Weak Encoding for Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-31239
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 32.88%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 18:05
Updated-07 May, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-29503
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.1||MEDIUM
EPSS-0.05% / 15.00%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 21:30
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstorePowerStore
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-39582
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-2.3||LOW
EPSS-0.03% / 7.10%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:04
Updated-16 Sep, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-insightiqPowerScale InsightIQ
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-37135
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.03% / 5.66%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 14:00
Updated-22 Nov, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-dm5500_firmwaredm5500Data Manager Appliance Software (DMAS)
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2024-52543
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.52%
||
7 Day CHG~0.00%
Published-25 Dec, 2024 | 15:13
Updated-29 Jan, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-nativeedge_orchestratorNativeEdge
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2024-38296
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.71%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 02:58
Updated-04 Feb, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-edge_gateway_5200intel_management_engine_firmware_update_utilityedge_gateway_3200Edge Gateway 5200edge_gateway_5200_firmware
CWE ID-CWE-1421
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution
CVE-2016-0887
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.94% / 75.20%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafe_ssl-jbsafe_ssl-cbsafe_micro-edition-suitebsafe_crypto-jbsafe_crypto-c-micro-editionn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-36341
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.38%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_device_agentDell Wyse Device Agent
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-4057
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-21 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network.

Action-Not Available
Vendor-n/aDell Inc.
Product-vce_vision_intelligent_operationsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-15765
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.4||LOW
EPSS-0.15% / 36.35%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 22:00
Updated-16 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.

Action-Not Available
Vendor-Dell Inc.
Product-emc_secure_remote_servicesESRS Virtual Edition
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-38746
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.5||LOW
EPSS-0.02% / 4.33%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 19:53
Updated-18 Aug, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoverySupportAssist OS Recovery
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-48671
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.61%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 16:15
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_appliancesolutions_enabler_virtual_appliancepowermax_osvApp Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-15773
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.18%
||
7 Day CHG~0.00%
Published-05 Dec, 2018 | 18:00
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell Encryption Enterprise \ Dell Data Protection Encryption Information Disclosure Vulnerability

Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files.

Action-Not Available
Vendor-Dell Inc.
Product-data_protection_\|_encryptionDell Encryption (formerly Dell Data Protection | Encryption)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-45103
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.11%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 14:31
Updated-03 Apr, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_solutions_enabler_virtual_applianceemc_vasa_provider_virtual_appliancevasa_provideremc_unisphere_for_powermaxpowermax_osemc_unisphere_for_powermax_virtual_appliancesolutions_enablerunisphere_360Unisphere for PowerMax vApp
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21587
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-5.40% / 89.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 16:15
Updated-16 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21536
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.57%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 17:40
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21590
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 31.25%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:40
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-21584
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.7||HIGH
EPSS-0.24% / 46.21%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterprise-modularopenmanage_enterpriseDell OpenManage Enterprise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21564
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.05%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 03:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterpriseDell OpenManage Enterprise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2021-21537
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.57%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 17:40
Updated-16 Sep, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21596
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-1.32% / 79.02%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 03:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterprise-modularopenmanage_enterpriseDell OpenManage Enterprise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21512
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.9||HIGH
EPSS-0.05% / 15.48%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 16:30
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerprotect_cyber_recoveryCyber Recovery
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21591
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 31.25%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:40
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-33919
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.53%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-15 May, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-geodriveGeoDrive
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-48011
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.1||LOW
EPSS-0.11% / 29.95%
||
7 Day CHG+0.01%
Published-08 Nov, 2024 | 02:30
Updated-26 Nov, 2024 | 02:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DD
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-32476
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 13:00
Updated-24 Oct, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-32495
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.77%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:00
Updated-08 Oct, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8217
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.7||LOW
EPSS-0.28% / 50.63%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 07:24
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafe_crypto-jRSA BSAFE Crypto-J RSA BSAFE Crypto-J versions prior to 6.2.2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-31238
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 28.35%
||
7 Day CHG+0.03%
Published-22 Aug, 2022 | 16:50
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-31221
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-2.3||LOW
EPSS-0.04% / 12.84%
||
7 Day CHG~0.00%
Published-12 Sep, 2022 | 18:35
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system.

Action-Not Available
Vendor-Dell Inc.
Product-precision_3660_towerinspiron_16_plus_7620_firmwareinspiron_7420xps_17_9720_firmwareinspiron_5620optiplex_7400vostro_3910optiplex_7000vostro_7620_firmwareinspiron_7420_firmwareoptiplex_5000_firmwareprecision_3660_tower_firmwareoptiplex_7000_oemoptiplex_5000inspiron_7620_firmwarechengming_3900optiplex_3000inspiron_5420chengming_3900_firmwarexps_17_9720vostro_3910_firmwareprecision_5770inspiron_16_plus_7620inspiron_14_plus_7420vostro_3710_firmwarevostro_5320vostro_5620_firmwarevostro_7620optiplex_3000_thin_clientinspiron_5620_firmwareoptiplex_5400inspiron_5320_firmwarevostro_5620precision_5770_firmwareinspiron_14_plus_7420_firmwareoptiplex_5400_firmwareoptiplex_3000_thin_client_firmwareoptiplex_3000_firmwareoptiplex_7000_firmwareinspiron_5320inspiron_3910vostro_3710vostro_5320_firmwareoptiplex_7400_firmwareinspiron_3910_firmwareinspiron_5420_firmwareprecision_3460_small_form_factor_firmwareoptiplex_7000_oem_firmwareprecision_3460_small_form_factorinspiron_7620CPG BIOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-5330
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-17.23% / 94.77%
||
7 Day CHG~0.00%
Published-10 Apr, 2020 | 18:55
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.

Action-Not Available
Vendor-Dell Inc.
Product-r1-2401pc5500_firmwarepc5500x4012r1-2401_firmwarer1-2210x1000_firmwarer1-2210_firmwarex1000x4012_firmwareDell PowerConnect
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-25536
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.38%
||
7 Day CHG~0.00%
Published-02 Mar, 2023 | 15:55
Updated-05 Mar, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-25544
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.26%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 14:26
Updated-07 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerDell NetWorker, NVE
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-26869
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-3.19% / 86.47%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-16 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_xpowerstore_tpowerstoreosPowerStore
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-24410
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 5.16%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 10:34
Updated-24 Mar, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_3480_aio_firmwareinspiron_3470inspiron_5583inspiron_7300_firmwarelatitude_3520inspiron_7500_firmwareinspiron_5591_2-in-1alienware_m15_r1alienware_aurora_r7_firmwareinspiron_3480_aioinspiron_5680inspiron_5590_firmwareinspiron_5477_firmwareg7_17_7790_firmwareinspiron_5493inspiron_3891_firmwareinspiron_5570inspiron_7490alienware_15_r3_firmwareinspiron_15_3511_firmwareinspiron_5501latitude_3390_2-in-1alienware_15_r4inspiron_5490_firmwareinspiron_5390_firmwarelatitude_3310_2-in-1alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_5502inspiron_7501inspiron_7300_2-in-1latitude_3190_2-in-1alienware_m15_r1_firmwarealienware_m17_r3_firmwareinspiron_3891g3_3500latitude_3180inspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwarealienware_17_r3_firmwareinspiron_3268alienware_aurora_r11g15_5511_firmwarelatitude_3470g5_15_5500_firmwareg7_17_7700_firmwareinspiron_5490_aio_firmwareinspiron_5491_aioinspiron_7000latitude_3420inspiron_14_5410_2-in-1_firmwareinspiron_3780inspiron_3782latitude_3590_firmwarealienware_m15_r2inspiron_7490_firmwareinspiron_5409latitude_3400_firmwarelatitude_3510inspiron_3502_firmwareinspiron_5584inspiron_3471inspiron_3880_firmwareinspiron_5310_firmwareinspiron_5501_firmwareg5_5090g7_15_7500inspiron_5493_firmwarelatitude_3400inspiron_14_5410_2-in-1inspiron_3480_firmwarelatitude_3420_firmwarealienware_m15_r3g5_5000inspiron_5480_2-in-1inspiron_5491_2-in-1_firmwareinspiron_7506_2-in-1_firmwarelatitude_3470_firmwarealienware_m17_r4_firmwareinspiron_7777inspiron_3790latitude_3570inspiron_5491_aio_firmwarelatitude_3190_firmwareinspiron_5494latitude_3301g3_3779_firmwareinspiron_5594alienware_aurora_r8inspiron_7000_firmwareinspiron_7391_2-in-1inspiron_5508_firmwarelatitude_3500_firmwareinspiron_5400inspiron_5477chengming_3991chengming_3977inspiron_7501_firmwareinspiron_5480latitude_3190alienware_aurora_r8_firmwareinspiron_7500_2-in-1_blackinspiron_3881_firmwareinspiron_3471_firmwarealienware_aurora_r11_firmwareinspiron_7510_firmwarelatitude_3590inspiron_3580_firmwareinspiron_3781_firmwareinspiron_7500_2-in-1_black_firmwareinspiron_7591_2-in-1chengming_3990inspiron_5301inspiron_3280_firmwarelatitude_3310inspiron_3493alienware_area_51m_r1inspiron_5402latitude_13_3380_firmwareinspiron_3582inspiron_7700_aioinspiron_5593chengming_3988_firmwareinspiron_3668inspiron_5770alienware_m17_r2_firmwareinspiron_3584latitude_3580latitude_3410_firmwareinspiron_7510inspiron_3668_firmwareinspiron_7400_firmwareinspiron_3493_firmwareinspiron_7791_2-in-1latitude_3320latitude_3190_2-in-1_firmwareinspiron_5583_firmwareinspiron_5480_firmwareinspiron_3590inspiron_3477_firmwarelatitude_3189inspiron_7590latitude_13_3380alienware_m15_r6_firmwareembedded_box_pc_5000latitude_3301_firmwarelatitude_3320_firmwareinspiron_3502inspiron_3580g3_3579alienware_aurora_r9inspiron_5591_2-in-1_firmwarealienware_area_51m_r2_firmwarealienware_m15_r4_firmwareinspiron_7391_2-in-1_firmwarealienware_15_r3inspiron_15_3511inspiron_5310latitude_3379_firmwarealienware_m17_r3inspiron_7610g7_17_7790inspiron_5400_2-in-1alienware_15_r2_firmwareg7_17_7700inspiron_5401_aio_firmwareinspiron_7610_firmwareinspiron_5400_2-in-1_firmwareg7_15_7590inspiron_3593_firmwarealienware_m17_r4inspiron_5494_firmwareg5_5000_firmwarelatitude_3310_2-in-1_firmwareinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3671_firmwareg7_15_7500_firmwarelatitude_3310_firmwareinspiron_3590_firmwareinspiron_3781inspiron_5300_firmwarelatitude_3570_firmwarealienware_13_r2_firmwareinspiron_7306_2-in-1_firmwareg3_3579_firmwareinspiron_5509latitude_3480_firmwarelatitude_3189_firmwarealienware_17_r5alienware_m15_r2_firmwareinspiron_5406_2-in-1_firmwarealienware_15_r2inspiron_7500_2-in-1_silver_firmwareinspiron_5570_firmwarealienware_aurora_r7inspiron_5300inspiron_5508inspiron_7706_2-in-1chengming_3980_firmwareinspiron_5491_2-in-1inspiron_3481inspiron_3780_firmwareinspiron_3582_firmwarelatitude_3510_firmwarelatitude_3120_firmwareinspiron_5590inspiron_3593inspiron_5301_firmwareg3_15_3590_firmwareinspiron_3671inspiron_3481_firmwareinspiron_5408_firmwarealienware_17_r4inspiron_7306_2-in-1inspiron_3790_firmwareinspiron_3584_firmwareinspiron_3480inspiron_5770_firmwarelatitude_3490inspiron_3670inspiron_7300inspiron_3793_firmwarelatitude_3180_firmwareinspiron_5402_firmwarealienware_m17_r1_firmwareinspiron_3581_firmwarelatitude_3300_firmwareinspiron_5406_2-in-1alienware_15_r4_firmwarelatitude_3490_firmwareinspiron_3490inspiron_7506inspiron_3670_firmwareinspiron_5408inspiron_5490inspiron_3501_firmwareinspiron_7777_firmwareinspiron_3482_firmwareinspiron_3880g3_3500_firmwareinspiron_3277latitude_3410inspiron_5391g5_15_5590_firmwareg5_15_5590inspiron_5480_2-in-1_firmwareinspiron_3881inspiron_3482g7_15_7590_firmwarealienware_m17_r1alienware_area_51m_r2inspiron_7500_2-in-1_silverlatitude_3480inspiron_3501alienware_13_r2alienware_13_r3_firmwareinspiron_3782_firmwarelatitude_3500inspiron_3793alienware_m15_r4alienware_m15_r6inspiron_7591inspiron_7790chengming_3988inspiron_7500inspiron_7790_firmwareg15_5511alienware_13_r3inspiron_3477latitude_3300latitude_3379inspiron_5584_firmwareinspiron_3277_firmwareinspiron_5401_firmwarelatitude_3390_2-in-1_firmwarechengming_3990_firmwareinspiron_3268_firmwarelatitude_3120inspiron_5594_firmwarechengming_3980inspiron_5401_aiog5_15_5500alienware_17_r4_firmwareinspiron_7700_aio_firmwareinspiron_5509_firmwareinspiron_5593_firmwarelatitude_3580_firmwarealienware_aurora_r9_firmwareg5_5090_firmwareinspiron_3280alienware_17_r3g3_15_3590chengming_3977_firmwareinspiron_5391_firmwarelatitude_3520_firmwareinspiron_5502_firmwareinspiron_5490_aiochengming_3991_firmwareembedded_box_pc_5000_firmwareinspiron_7791_2-in-1_firmwareinspiron_3490_firmwareinspiron_5409_firmwareinspiron_7400inspiron_5390g3_3779inspiron_5401inspiron_3581inspiron_5400_firmwarealienware_17_r5_firmwareCPG BIOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-35167
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-0.65% / 69.84%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-16 Sep, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-24567
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.26%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 14:22
Updated-07 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerDell NetWorker, NVE
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-24414
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.33% / 54.95%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-17 Sep, 2024 | 00:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • Next
Details not found