Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-22397

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-06 Nov, 2025 | 18:46
Updated At-06 Nov, 2025 | 19:30
Rejected At-
Credits

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:06 Nov, 2025 | 18:46
Updated At:06 Nov, 2025 | 19:30
Rejected At:
▼CVE Numbering Authority (CNA)

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Affected Products
Vendor
Dell Inc.Dell
Product
Integrated Dell Remote Access Controller 9 14G Versions
Default Status
unaffected
Versions
Affected
  • From N/A before 7.00.00.181 (semver)
Vendor
Dell Inc.Dell
Product
Integrated Dell Remote Access Controller 9 15G and 16G versions
Default Status
unaffected
Versions
Affected
  • From 6.10.80.00 before 7.20.10.50 (semver)
Vendor
Dell Inc.Dell
Product
Integrated Dell Remote Access Controller 10 17G version
Default Status
unaffected
Versions
Affected
  • From N/A before 1.20.25.00 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilities
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:06 Nov, 2025 | 19:15
Updated At:21 Jan, 2026 | 20:07

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
Primary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Dell Inc.
dell
>>idrac9_firmware>>Versions from 6.10.80.00(inclusive) to 7.00.00.181(exclusive)
cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>idrac9_firmware>>Versions from 7.00.00.183(inclusive) to 7.20.10.50(exclusive)
cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>idrac9>>-
cpe:2.3:h:dell:idrac9:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>idrac10_firmware>>Versions before 1.20.25.00(exclusive)
cpe:2.3:o:dell:idrac10_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>idrac10>>-
cpe:2.3:h:dell:idrac10:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Secondarysecurity_alert@emc.com
CWE ID: CWE-22
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

259Records found
CVE-2021-21514
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-28.05% / 96.57%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 16:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell Open Manage Server Administrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-3720
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-3.86% / 88.44%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 20:17
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directory Traversal Vulnerability

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_server_administratorOpen Manage System Administrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21569
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.51% / 66.96%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-29097
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.20% / 42.27%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 17:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-23374
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8||HIGH
EPSS-0.19% / 41.36%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 04:14
Updated-07 Feb, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-enterprise_sonic_distributionEnterprise SONiC OS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-48661
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.15% / 35.89%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:55
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_appliancesolutions_enabler_virtual_appliancepowermax_osvApp Manager
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-32478
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9||CRITICAL
EPSS-0.21% / 43.89%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 05:34
Updated-21 Oct, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerstoreosPowerStore
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21570
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.44% / 63.42%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-3733
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 16.36%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 21:48
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Action-Not Available
Vendor-Dell Inc.ELAN Microelectronics Corporation
Product-bsafe_crypto-c-micro-editionrsa_bsafe_crypto-cRSA BSAFE MESRSA BSAFE Crypto-C Micro Edition
CWE ID-CWE-316
Cleartext Storage of Sensitive Information in Memory
CWE ID-CWE-459
Incomplete Cleanup
CVE-2026-26948
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.59%
||
7 Day CHG~0.00%
Published-18 Mar, 2026 | 17:40
Updated-19 Mar, 2026 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-Integrated Dell Remote Access Controller
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2025-30477
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.13% / 31.36%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 16:32
Updated-06 Aug, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-27695
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.28% / 52.07%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 19:06
Updated-11 Jul, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-37136
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 50.33%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 05:42
Updated-05 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-path_to_powerprotectPath to Power
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-28971
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.5||LOW
EPSS-0.23% / 45.65%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 15:37
Updated-27 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterprise_update_managerUpdate Manager Plugin
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-29173
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.28% / 51.62%
||
7 Day CHG~0.00%
Published-26 Jun, 2024 | 02:51
Updated-03 Feb, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.

Action-Not Available
Vendor-Dell Inc.
Product-dd3300dd6400apex_protection_storagedm5500dd9400dd9910dd9410dd9900data_domain_operating_systemdd6900PowerProtect DD
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-32468
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.8||MEDIUM
EPSS-0.19% / 40.26%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 07:11
Updated-21 Oct, 2024 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data.

Action-Not Available
Vendor-Dell Inc.
Product-ecs_streamerECS Streamer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-31229
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-0.29% / 52.39%
||
7 Day CHG~0.00%
Published-28 Jun, 2022 | 18:40
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2022-29089
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.19% / 40.73%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:30
Updated-20 May, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10Dell Networking OS10
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-46676
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.01% / 1.75%
||
7 Day CHG-0.01%
Published-09 Jan, 2026 | 15:48
Updated-05 Feb, 2026 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-27693
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.27% / 50.80%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:19
Updated-11 Jul, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26335
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.8||MEDIUM
EPSS-0.23% / 46.03%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 01:20
Updated-14 Jan, 2026 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_cyber_recoveryPowerProtect Cyber Recovery
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2025-26482
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 14.98%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 21:11
Updated-16 Jan, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_t560_firmwarepoweredge_xe8640_firmwarexc_core_xc660poweredge_r7615poweredge_r6415_firmwareemc_xc_core_6420_systempoweredge_xr7620poweredge_c6520_firmwarepoweredge_xe9640poweredge_r6615_firmwarepoweredge_r750xs_firmwarepoweredge_r7725_firmwarepoweredge_r7725emc_xc_core_xc7525poweredge_r760_firmwarepoweredge_r6715poweredge_r860xc_core_xc760xapoweredge_r650_firmwareidrac9poweredge_xe9680poweredge_c6420emc_xc_core_xcxr2poweredge_t440poweredge_hs5610_firmwarepoweredge_xr7620_firmwareemc_storage_nx3240_firmwareemc_xc_core_xc6520_firmwarepoweredge_r6625_firmwarepoweredge_r240_firmwareemc_xc_core_xc650poweredge_r7525poweredge_xe2420emc_xc_core_xc750xa_firmwarepoweredge_xr2_firmwareemc_xc_core_xc940_systempoweredge_r6515poweredge_r760poweredge_r340poweredge_r260poweredge_r840_firmwarepoweredge_r6415poweredge_xr2poweredge_t360poweredge_mx840cemc_xc_core_6420_system_firmwarepoweredge_r250poweredge_xe7420_firmwarepoweredge_r260_firmwarepoweredge_r670_firmwarepoweredge_t340_firmwarepoweredge_t350poweredge_t560poweredge_xr5610poweredge_mx750c_firmwareemc_xc_core_xc740xd_systempoweredge_hs5620_firmwarepoweredge_xr4510c_firmwarepoweredge_c6615_firmwarepoweredge_r940xa_firmwarexc_core_xc760_firmwareemc_xc_core_xc450_firmwareemc_xc_core_xc750poweredge_r940xapoweredge_xr8620tpoweredge_r7625_firmwarepoweredge_xr11_firmwarepoweredge_t350_firmwarepoweredge_r840poweredge_c6525_firmwarepoweredge_mx760cpoweredge_xe9680_firmwarepoweredge_m640_firmwaredss_8440poweredge_xe7440_firmwarepoweredge_r7415_firmwarepoweredge_r6725poweredge_r940_firmwarepoweredge_xr11dss_8440_firmwarepoweredge_hs5620xc_core_xc660xspoweredge_r540_firmwarepoweredge_r640_firmwarepoweredge_r640poweredge_c4140_firmwarepoweredge_r740_firmwarepoweredge_xe8545poweredge_r750xa_firmwarepoweredge_r440_firmwarepoweredge_r740xd2emc_nx440poweredge_xr12_firmwarepoweredge_t140poweredge_r550_firmwarepoweredge_xr8610t_firmwarepoweredge_r240poweredge_r360_firmwarepoweredge_xr8610tpoweredge_r7715emc_xc_core_xc640_system_firmwarepoweredge_r750xspoweredge_xe7440poweredge_r7515_firmwarepoweredge_r7515poweredge_r770poweredge_r470_firmwarepoweredge_r350_firmwarepoweredge_t360_firmwarepoweredge_r960_firmwarepoweredge_r660poweredge_r940poweredge_r7525_firmwarepoweredge_xe8640xc_core_xc7625poweredge_r650xs_firmwarexc_core_xc660_firmwarepoweredge_r750_firmwarepoweredge_xe9680lpoweredge_mx760c_firmwarepoweredge_r760xs_firmwareemc_nx440_firmwarepoweredge_xr5610_firmwarepoweredge_r770_firmwarepoweredge_r740poweredge_c6420_firmwarepoweredge_r470emc_storage_nx3340poweredge_r6625poweredge_r760xd2poweredge_r750xapoweredge_c6620_firmwarepoweredge_r340_firmwarexc_core_xc760poweredge_c6620poweredge_r7425poweredge_r360emc_storage_nx3240emc_xc_core_xc450poweredge_r440poweredge_xr12poweredge_xe9680l_firmwareidrac9_firmwarepoweredge_r570poweredge_r540poweredge_t160poweredge_r740xdpoweredge_mx740c_firmwarepoweredge_r650xsemc_xc_core_xc750xapoweredge_r7615_firmwarepoweredge_mx840c_firmwarepoweredge_r350poweredge_r860_firmwarepoweredge_r6515_firmwarepoweredge_t550poweredge_r450_firmwarexc_core_xc7625_firmwarepoweredge_r660xs_firmwarepoweredge_mx750cpoweredge_r550poweredge_hs5610poweredge_t640_firmwareemc_xc_core_xc740xd_system_firmwarepoweredge_r760xd2_firmwarepoweredge_r760xa_firmwarepoweredge_r7715_firmwarepoweredge_t140_firmwarepoweredge_c6615poweredge_r6615emc_xc_core_xcxr2_firmwarepoweredge_r650poweredge_r6525_firmwareemc_xc_core_xc740xd2poweredge_c4140poweredge_t340poweredge_r960emc_xc_core_xc940_system_firmwarepoweredge_fc640emc_xc_core_xc650_firmwarepoweredge_r760xapoweredge_r7415poweredge_t640poweredge_xe9640_firmwarepoweredge_xe7420emc_xc_core_xc740xd2_firmwarexc_core_xc760xa_firmwarepoweredge_xr4520cpoweredge_c6520poweredge_r6525poweredge_xr4510cemc_storage_nx3340_firmwarepoweredge_r660_firmwarepoweredge_mx740cpoweredge_xe8545_firmwarepoweredge_t440_firmwarepoweredge_r6725_firmwareemc_xc_core_xc750_firmwarepoweredge_t150poweredge_xe2420_firmwarepoweredge_r7625poweredge_r250_firmwarexc_core_xc660xs_firmwarepoweredge_r450poweredge_r570_firmwarepoweredge_t550_firmwarepoweredge_t150_firmwarepoweredge_r6715_firmwarepoweredge_r740xd_firmwareemc_xc_core_xc7525_firmwareemc_xc_core_xc640_systempoweredge_t160_firmwarepoweredge_r760xspoweredge_xr4520c_firmwarepoweredge_m640poweredge_r740xd2_firmwarepoweredge_r750poweredge_r660xsemc_xc_core_xc6520poweredge_c6525poweredge_fc640_firmwarepoweredge_xr8620t_firmwarepoweredge_r670poweredge_r7425_firmwarePowerEdge XR7620PowerEdge R860iDRAC9PowerEdge XR11PowerEdge R450PowerEdge XE8640PowerEdge R570Dell EMC XC Core XC940 SystemPowerEdge R760xaPowerEdge XR8620tPowerEdge T140PowerEdge XE7420PowerEdge XR2Dell EMC Storage NX3240PowerEdge R750XSPowerEdge R7715Dell EMC XC Core XC6520PowerEdge R6525PowerEdge M640PowerEdge R770PowerEdge R940XADell EMC XC Core XCXR2DSS 8440PowerEdge C4140PowerEdge HS5620PowerEdge R650Dell EMC Storage NX3340PowerEdge HS5610PowerEdge XR5610PowerEdge R7525Dell EMC XC Core XC740xd2PowerEdge R540Dell XC Core XC760PowerEdge C6620Dell EMC XC Core XC740xd SystemPowerEdge R760xd2Dell EMC XC Core XC7525PowerEdge R660PowerEdge T350PowerEdge R7515PowerEdge R740XDPowerEdge R760Dell EMC XC Core XC450PowerEdge C6525PowerEdge T640Dell XC Core XC660PowerEdge R960Dell EMC XC Core XC640 SystemPowerEdge T340PowerEdge R7725PowerEdge R240PowerEdge T550PowerEdge R6615PowerEdge R6725PowerEdge T560PowerEdge T440Dell XC Core XC660xsPowerEdge XE9680PowerEdge R7625PowerEdge XE9640PowerEdge XE8545PowerEdge R760xsPowerEdge XE9680LPowerEdge R550PowerEdge C6615PowerEdge FC640Dell EMC NX440Dell EMC XC Core XC750xaPowerEdge R650XSPowerEdge R940PowerEdge XR8610tPowerEdge R360PowerEdge MX760cPowerEdge R250PowerEdge T150PowerEdge MX740CPowerEdge R6515PowerEdge R660xsPowerEdge R7425PowerEdge R6415PowerEdge M640 (for PE VRTX)PowerEdge C6520PowerEdge R640PowerEdge XE2420PowerEdge XR4520cDell EMC XC Core 6420 SystemPowerEdge XE7440PowerEdge R750XAPowerEdge R440PowerEdge R6625Dell XC Core XC760xaPowerEdge R840PowerEdge XR4510cPowerEdge R470PowerEdge R670PowerEdge R350PowerEdge R750PowerEdge R6715PowerEdge XR12PowerEdge C6420PowerEdge T360Dell EMC XC Core XC650PowerEdge T160PowerEdge MX840CPowerEdge R340PowerEdge R7615PowerEdge R740XD2PowerEdge MX750CPowerEdge R740Dell EMC XC Core XC750PowerEdge R260PowerEdge R7415Dell XC Core XC7625
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2017-8007
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-1.65% / 82.34%
||
7 Day CHG~0.00%
Published-22 Sep, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_vipr_srmemc_storage_monitoring_and_reportingemc_vnx_monitoring_and_reportingemc_m\&rEMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-28265
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.62%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 07:41
Updated-02 Apr, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_5200qpowerstore_5000tpowerstore_1000tpowerstore_3200qpowerstore_7000tpowerstoreospowerstore_1200tpowerstore_3200tpowerstore_500tpowerstore_3000tpowerstore_9200tpowerstore_5200tpowerstore_9000tPowerStore 5000TPowerStorePowerStore 9000TPowerStore 9200TPowerStore 500TPowerStore 3200TPowerStore 7000TPowerStore 5200TPowerStore 5200QPowerStore 3000TPowerStore 3200QPowerStore 1000TPowerStore 1200T
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2026-22762
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.95%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 19:53
Updated-06 Mar, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete.

Action-Not Available
Vendor-Dell Inc.
Product-Avamar Virtual EditionPowerProtect DP Series Appliance (IDPA)Avamar Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-48660
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.51%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:51
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_appliancesolutions_enabler_virtual_appliancepowermax_os vApp Manger
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-44278
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.57%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:17
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_domainpowerprotect_data_protectiondd9400dp5900apex_protection_storagepowerprotect_data_domain_management_centerdd6400emc_data_domain_osdd3300dd9900dd6900dp4400PowerProtect DD
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-44306
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-1.70% / 82.66%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 08:32
Updated-01 Oct, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem.

Action-Not Available
Vendor-Dell Inc.
Product-dm5500_firmwaredm5500Dell PowerProtect Data Manager DM5500 Appliance
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-43070
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 18.05%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 17:38
Updated-19 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_storage_softwareDell SmartFabric Storage Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-29495
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-15.49% / 94.80%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-29494
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.7||HIGH
EPSS-0.94% / 76.61%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-36288
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.93% / 76.53%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-36286
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.27%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_client_consumerSupportAssist Client Consumer
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-21586
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-48.98% / 97.83%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 16:15
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-36
Absolute Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-7270
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.84% / 75.03%
||
7 Day CHG~0.00%
Published-10 Apr, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

Action-Not Available
Vendor-n/aDell Inc.
Product-integrated_remote_access_controller_firmwareintegrated_remote_access_controller_8integrated_remote_access_controller_7integrated_remote_access_controller_6Dell Integrated Remote Access Controller (iDRAC)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3304
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.62% / 94.39%
||
7 Day CHG~0.00%
Published-30 Oct, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

Action-Not Available
Vendor-n/aDell Inc.
Product-equallogic_ps4000_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5366
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.43% / 62.65%
||
7 Day CHG~0.00%
Published-09 Jul, 2020 | 13:45
Updated-16 Sep, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac9Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5377
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-80.05% / 99.13%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:50
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_server_administratorDell Open Manage Server Administrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-3737
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.42% / 62.25%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 22:28
Updated-16 Sep, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell EMC Avamar Security Update for ADMe Web UI Vulnerability

Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.

Action-Not Available
Vendor-Dell Inc.
Product-avamar_data_migration_enabler_web_interfaceAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-3744
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.10%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 19:13
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryAlienware Digital DeliveryDell Digital Delivery
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-51534
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.97%
||
7 Day CHG~0.00%
Published-01 Feb, 2025 | 04:02
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DD
CWE ID-CWE-29
Path Traversal: '\..\filename'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-27101
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.34% / 57.27%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 07:27
Updated-02 Apr, 2026 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34378
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.57%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 17:30
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34426
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-4.40% / 89.21%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:40
Updated-16 May, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-46363
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 20.22%
||
7 Day CHG-0.00%
Published-30 Oct, 2025 | 15:22
Updated-21 Jan, 2026 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway SCG 5.0 Application and Appliance
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CVE-2025-43934
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.02%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 18:30
Updated-14 Oct, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-36598
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.95%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 19:27
Updated-18 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to upload malicious files.

Action-Not Available
Vendor-Dell Inc.
Product-Avamar Virtual EditionPowerProtect DP Series Appliance (IDPA)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-24908
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-1.38% / 80.62%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 15:48
Updated-04 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem.

Action-Not Available
Vendor-Dell Inc.
Product-dm5500dm5500_firmwareData Manager Appliance Software (DMAS)dm5500
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-15782
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.7||HIGH
EPSS-0.03% / 8.55%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 20:00
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-authentication_managerRSA Authentication Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-28976
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.06% / 18.84%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 08:01
Updated-21 Jan, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM) repository_manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found