Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-32745

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-22 May, 2026 | 13:23
Updated At-22 May, 2026 | 13:48
Rejected At-
Credits

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:22 May, 2026 | 13:23
Updated At:22 May, 2026 | 13:48
Rejected At:
▼CVE Numbering Authority (CNA)

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.

Affected Products
Vendor
Dell Inc.Dell
Product
PowerFlex Manager (Appliance)
Default Status
unaffected
Versions
Affected
  • From 0 before IC 48.378.00 (semver)
  • From 0 before IC 48.383.00 (semver)
Vendor
Dell Inc.Dell
Product
PowerFlex Manager (Rack)
Default Status
unaffected
Versions
Affected
  • From 0 before 3.7.8.0 (semver)
  • From 0 before 3.8.3.0 (semver)
Vendor
Dell Inc.Dell
Product
PowerFlex Manager
Default Status
unaffected
Versions
Affected
  • From 0 through 4.6.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-295CWE-295: Improper Certificate Validation
Type: CWE
CWE ID: CWE-295
Description: CWE-295: Improper Certificate Validation
Metrics
VersionBase scoreBase severityVector
3.14.2MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 4.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities
vendor-advisory
https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities
Resource:
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet

Similar CVEs

26Records found
CVE-2022-45100
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.37% / 58.69%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 05:06
Updated-26 Mar, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-5367
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.23% / 45.26%
||
7 Day CHG~0.00%
Published-23 Jun, 2020 | 20:00
Updated-16 Sep, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unisphere_for_powermaxpowermax_osemc_unisphere_for_powermax_virtual_applianceUnisphere for PowerMax, Unisphere for PowerMax Virtual Appliance, PowerMax OS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-29504
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.18% / 38.54%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 15:58
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-bsafe_micro-edition-suitebsafe_crypto-c-micro-editionBSAFE Crypto-C Micro EditionDell BSAFE Micro Edition Suite
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-26184
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.80%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 14:25
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-bsafe_micro-edition-suitehttp_serversecurity_serviceweblogic_server_proxy_plug-inDell BSAFE Micro Edition Suite
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-34394
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.7||LOW
EPSS-0.11% / 29.60%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:30
Updated-20 May, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10Dell Networking OS10
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-34404
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.82%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:30
Updated-26 Mar, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-system_updateSystem Update
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-26478
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.1||LOW
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 11:37
Updated-01 Aug, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-elastic_cloud_storageobjectscaleECS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-41119
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 2.66%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 09:36
Updated-19 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integrity.

Action-Not Available
Vendor-Dell Inc.
Product-Live Optics
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-23776
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.01% / 1.80%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 08:56
Updated-20 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-based login. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_dp_series_appliancedata_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-24508
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-2.5||LOW
EPSS-0.01% / 1.30%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 18:56
Updated-16 Mar, 2026 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-21571
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 50.69%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 17:00
Updated-16 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering.

Action-Not Available
Vendor-Dell Inc.
Product-optiplex_7090_uffxps_15_9510_firmwareinspiron_7500_firmwareinspiron_7300_firmwarelatitude_3520g5_5500precision_17_m5750_firmwareprecision_3561_firmwarexps_17_9710_firmwareg7_7500precision_7560vostro_3881_firmwarelatitude_5511_firmwareprecision_3550inspiron_3891_firmwarevostro_3888vostro_3888_firmwarelatitude_7420_firmwareinspiron_5501vostro_5501_firmwarelatitude_9420optiplex_5090_tower_firmwareprecision_3650_mt_firmwareoptiplex_5080inspiron_5400_aioinspiron_5502latitude_5511inspiron_7501precision_5550inspiron_7300_2-in-1xps_17_9700vostro_3400inspiron_3891xps_13_9305vostro_5310g3_3500latitude_9410_firmwareinspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwareg15_5511_firmwarelatitude_7410_firmwarelatitude_7320latitude_5310_2-in-1optiplex_7090_tower_firmwarelatitude_3420inspiron_15_7510_firmwareinspiron_14_5418_firmwareg5_5500_firmwareinspiron_7506_firmwarelatitude_5410_firmwarelatitude_5310_2-in-1_firmwareinspiron_5409vostro_3890latitude_3510precision_3560_firmwarevostro_5401_firmwareinspiron_3880_firmwareinspiron_5310_firmwareinspiron_5406_2n1inspiron_5501_firmwareoptiplex_5080_firmwarexps_17_9700_firmwareinspiron_15_7510latitude_3420_firmwarevostro_14_5410latitude_7320_detachable_firmwarelatitude_9410optiplex_7080_firmwarelatitude_5310xps_15_9500inspiron_5508_firmwareprecision_3450precision_7550_firmwareoptiplex_7090_uff_firmwarechengming_3991precision_5560inspiron_5400_aio_firmwareinspiron_7501_firmwareg15_5510_firmwareinspiron_3881_firmwarelatitude_5521precision_17_m5750vostro_3501latitude_7520vostro_15_5510inspiron_5406_2n1_firmwareprecision_3450_firmwarechengming_3990inspiron_5301g7_7700_firmwareoptiplex_7090_towervostro_5880_firmwarexps_17_9710inspiron_5402inspiron_7700_aiovostro_3881vostro_5401latitude_5420_firmwareprecision_3561latitude_5520latitude_3410_firmwarevostro_5300inspiron_7400_firmwarelatitude_3320vostro_5301precision_3650_mtxps_15_9510latitude_7210_2-in-1inspiron_5410_2-in-1_firmwarevostro_5880precision_7750alienware_m15_r6_firmwareinspiron_5410_2-in-1latitude_3320_firmwarelatitude_9520_firmwareprecision_5560_firmwarevostro_3690_firmwareoptiplex_7080g15_5510latitude_5520_firmwareinspiron_15_5518vostro_7500_firmwarelatitude_5410inspiron_5310precision_3551latitude_5320_2-in-1_firmwareinspiron_7610vostro_5301_firmwarelatitude_5421vostro_5890latitude_9420_firmwarexps_13_2in1_9310latitude_5510inspiron_5400_2-in-1inspiron_5401_aio_firmwareinspiron_7610_firmwarelatitude_5320_2-in-1vostro_5300_firmwarevostro_3501_firmwareinspiron_5400_2-in-1_firmwareoptiplex_7780_all-in-one_firmwareprecision_3440xps_13_2in1_9310_firmwareprecision_3440_firmwarevostro_5402precision_3640_firmwareinspiron_7500_2-in-1_firmwarelatitude_5320precision_3550_firmwarelatitude_7410vostro_3690optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411inspiron_5300_firmwareprecision_7760vostro_7500optiplex_7490_all-in-oneinspiron_7306_2-in-1_firmwarevostro_3500_firmwarelatitude_7320_detachablelatitude_9520inspiron_5509optiplex_3090_uffoptiplex_5090_towervostro_3681latitude_7420inspiron_5300inspiron_7706_2-in-1inspiron_5508precision_5550_firmwarevostro_15_7510g7_7500_firmwarelatitude_5411_firmwarelatitude_3120_firmwarelatitude_3510_firmwareinspiron_15_5518_firmwareinspiron_5301_firmwareinspiron_5408_firmwarelatitude_7310_firmwareinspiron_7306_2-in-1xps_13_9310_firmwarelatitude_9510optiplex_3280_all-in-onelatitude_7520_firmwareprecision_5760_firmwarelatitude_5420inspiron_7300inspiron_5402_firmwarevostro_3681_firmwareprecision_7560_firmwarevostro_5890_firmwarelatitude_9510_firmwareoptiplex_5490_aio_firmwareprecision_7760_firmwarexps_13_9305_firmwarelatitude_7210_2-in-1_firmwarexps_13_9310vostro_15_7510_firmwarelatitude_5510_firmwareg7_7700vostro_5502inspiron_7506optiplex_7780_all-in-oneinspiron_5408inspiron_3501_firmwarevostro_5502_firmwareinspiron_3880g3_3500_firmwareoptiplex_3080_firmwarelatitude_3410precision_7550vostro_5402_firmwareoptiplex_7490_all-in-one_firmwareinspiron_3881vostro_14_5410_firmwarelatitude_5320_firmwareoptiplex_3080inspiron_3501latitude_5310_firmwarealienware_m15_r6vostro_3890_firmwareoptiplex_5490_aiolatitude_7310latitude_5421_firmwareinspiron_7500g15_5511optiplex_3090_uff_firmwareprecision_5760inspiron_5401_firmwarevostro_15_5510_firmwarevostro_5501optiplex_7480_all-in-onechengming_3990_firmwarelatitude_7320_firmwarelatitude_3120precision_3560inspiron_5401_aioprecision_3551_firmwareprecision_3640inspiron_7700_aio_firmwarevostro_3400_firmwarevostro_5310_firmwareinspiron_5509_firmwareoptiplex_7480_all-in-one_firmwarevostro_3500precision_7750_firmwareinspiron_5502_firmwarelatitude_3520_firmwarechengming_3991_firmwareinspiron_14_5418inspiron_5409_firmwareinspiron_7400inspiron_7500_2-in-1latitude_5521_firmwareinspiron_5401UEFI BIOS https stack
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-3762
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.98%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 18:20
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_data_protection_centralData Protection Central
CWE ID-CWE-296
Improper Following of a Certificate's Chain of Trust
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-43082
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.15% / 34.82%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 16:16
Updated-02 Aug, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentunityvsa_operating_environmentunity_xt_operating_environmentUnity
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-21559
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 18:05
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-47241
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.81%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 16:28
Updated-13 Dec, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Appliance - SRS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-21548
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.05% / 15.74%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 05:07
Updated-26 Feb, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unisphere_for_powermaxpowermax_osemc_unisphere_for_powermax_virtual_applianceUnisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance , PowerMax OS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-32464
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.10% / 26.19%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 07:57
Updated-08 Nov, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_e665n_firmwarevxrail_p580n_vcfvxrail_e560nvxrail_e560f_vcfvxrail_d560vxrail_v470vxrail_g560f_vcfvxrail_g560fvxrail_e660fvxrail_s670vxrail_p570_vcfvxrail_d560_firmwarevxrail_p570_vcf_firmwarevxrail_vd-4000r_firmwarevxrail_s570vxrail_v570f_vcf_firmwarevxrail_e560n_vcfvxrail_p675nvxrail_p570f_firmwarevxrail_p570f_vcf_firmwarevxrail_p670nvxrail_s570_firmwarevxrail_vd-4000zvxrail_e560f_vcf_firmwarevxrail_p570f_vcfvxrail_v570fvxrail_e665f_firmwarevxrail_p675fvxrail_p570_firmwarevxrail_s470_firmwarevxrail_e665fvxrail_p470vxrail_p670fvxrail_e560_vcf_firmwarevxrail_e560f_firmwarevxrail_e660nvxrail_s670_firmwarevxrail_p670n_firmwarevxrail_v570f_firmwarevxrail_v570_vcfvxrail_vd-4000rvxrail_s570_vcf_firmwarevxrail_e560vxrail_d560f_firmwarevxrail_p670f_firmwarevxrail_e660n_firmwarevxrail_s570_vcfvxrail_e460_firmwarevxrail_e660_firmwarevxrail_v670fvxrail_e560fvxrail_v570f_vcfvxrail_vd-4520cvxrail_e560n_firmwarevxrail_e560_vcfvxrail_g560_vcf_firmwarevxrail_g560vxrail_d560fvxrail_g560_vcfvxrail_p570vxrail_g560f_vcf_firmwarevxrail_vd-4000z_firmwarevxrail_v570vxrail_e665vxrail_p570fvxrail_e660f_firmwarevxrail_vd-4510cvxrail_vd-4000wvxrail_vd-4510c_firmwarevxrail_p580n_vcf_firmwarevxrail_v470_firmwarevxrail_vd-4520c_firmwarevxrail_p580n_firmwarevxrail_v670f_firmwarevxrail_v570_firmwarevxrail_v570_vcf_firmwarevxrail_e560n_vcf_firmwarevxrail_g560f_firmwarevxrail_p470_firmwarevxrail_p580nvxrail_e665_firmwarevxrail_g560_firmwarevxrail_e660vxrail_s470vxrail_e665nvxrail_e560_firmwarevxrail_p675n_firmwarevxrail_vd-4000w_firmwarevxrail_p675f_firmwarevxrail_e460Dell EMC VxRail Appliance
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-23690
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.20% / 42.19%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 11:25
Updated-02 Apr, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.

Action-Not Available
Vendor-Dell Inc.
Product-cloud_mobility_for_dell_emc_storageCloud Mobility for Dell Storage
CWE ID-CWE-299
Improper Check for Certificate Revocation
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-29171
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.73%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 01:20
Updated-19 Mar, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-bsafe_ssl-jDell BSAFE SSL-J
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-15784
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.09% / 25.90%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 22:00
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DSA-2019-001: Dell Networking OS10 Improper Certificate Validation Vulnerability

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Dell Networking OS10
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-24568
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-0.09% / 24.64%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:12
Updated-10 Jan, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.

Action-Not Available
Vendor-Dell Inc.
Product-networkerNetWorker
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CVE-2022-29082
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.7||LOW
EPSS-0.07% / 21.77%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-22549
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.90%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 17:50
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-35434
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-2.3||LOW
EPSS-0.06% / 19.00%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 16:53
Updated-30 Sep, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CISA Thorium does not validate TLS connections to Elasticsearch

CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.

Action-Not Available
Vendor-cisaCISA
Product-thoriumThorium
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-39771
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.2||MEDIUM
EPSS-0.20% / 41.77%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 05:54
Updated-28 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.

Action-Not Available
Vendor-safieSafie Inc.
Product-safie_one_firmwareqbic_cloud_cc-2\/2l_firmwareqbic_cloud_cc-2\/2lsafie_oneQBiC CLOUD CC-2LSafie One
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-22305
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.71%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 11:43
Updated-27 Sep, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxfortimanagerfortianalyzerfortiosFortiManagerFortiSandboxFortiAnalyzer
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CWE ID-CWE-295
Improper Certificate Validation
Details not found