Vulnerability Details :

CVE-2026-26944

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-20 Apr, 2026 | 15:51
Updated At-22 Apr, 2026 | 03:55
Rejected At-

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.

Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner: dell
Assigner Org ID: c550e75a-17ff-4988-97f0-544cde3820fe
Published At: 20 Apr, 2026 | 15:51
Updated At: 22 Apr, 2026 | 03:55
Rejected At:
CVE Numbering Authority (CNA)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.

Affected Products
Vendor: Dell Inc. (Dell)
Product: PowerProtect Data Domain
Default Status: unaffected
Versions
Affected
  • From 0 before 8.6.1.10, 8.7.0.0 or later (semver)
  • From 0 before 8.3.1.30 or later (semver)
  • From 0 before 7.13.1.70 or later (semver)
  • From 0 before 2.7.9 with DD OS 8.3.1.30 (semver)
Problem Types
Type: CWE
CWE ID: CWE-306
Description: CWE-306: Missing Authentication for Critical Function
Metrics
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Credits

finder
Dell would like to thank brocked200 (Nguyen Quoc Khanh) for reporting these issues.
References
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
Resource: vendor-advisory
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Information is not available yet
National Vulnerability Database (NVD)
nvd.nist.gov
Source: security_alert@emc.com
Published At: 20 Apr, 2026 | 16:16
Updated At: 23 Apr, 2026 | 13:59

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches

  • Dell Inc. (dell), powerprotect_dp_series_appliance: versions before 2.7.9 (exclusive)
    cpe:2.3:a:dell:powerprotect_dp_series_appliance:*:*:*:*:*:*:*:*
  • Dell Inc. (dell), data_domain_operating_system: versions from 7.7.1.0 (inclusive) to 7.13.1.70 (exclusive)
    cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
  • Dell Inc. (dell), data_domain_operating_system: versions from 7.14.0.0 (inclusive) to 8.3.1.30 (exclusive)
    cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
  • Dell Inc. (dell), data_domain_operating_system: versions from 8.4.0.0 (inclusive) to 8.6.1.0 (exclusive)
    cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-306
Type: Primary
Source: security_alert@emc.com
References
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
Source: security_alert@emc.com
Resource: Vendor Advisory

Change History

Information is not available yet

Similar CVEs

28 Records found

CVE-2020-5335
Matching Score-8
Assigner-Dell
CVSS Score-5 (MEDIUM)
EPSS-0.08% / 22.96%
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user.

Action-Not Available
Vendor-Dell Inc., RSA Security LLC
Product-archer, RSA Archer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-18573
Matching Score-8
Assigner-Dell
CVSS Score-8.7 (HIGH)
EPSS-0.23% / 46.04%
7 Day CHG~0.00%
Published-18 Dec, 2019 | 20:50
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.

Action-Not Available
Vendor-Dell Inc.
Product-rsa_identity_governance_and_lifecycle, RSA Identity Governance & Lifecycle
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CWE ID-CWE-384
Session Fixation
CVE-2025-24381
Matching Score-8
Assigner-Dell
CVSS Score-8.8 (HIGH)
EPSS-0.35% / 57.74%
7 Day CHG~0.00%
Published-28 Mar, 2025 | 02:23
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environment, Unity
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-21549
Matching Score-8
Assigner-Dell
CVSS Score-8.8 (HIGH)
EPSS-0.12% / 30.02%
7 Day CHG~0.00%
Published-21 May, 2021 | 20:05
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations.

Action-Not Available
Vendor-Dell Inc.
Product-xtremio_management_server, xtremio_x1, xtremio_x2, XtremIO
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22454
Matching Score-8
Assigner-Dell
CVSS Score-8.8 (HIGH)
EPSS-1.10% / 78.09%
7 Day CHG~0.00%
Published-13 Feb, 2024 | 07:35
Updated-09 May, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_manager, PowerProtect Data Manager
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2023-44286
Matching Score-8
Assigner-Dell
CVSS Score-8.8 (HIGH)
EPSS-0.16% / 36.47%
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:35
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_domain, powerprotect_data_protection, dd9400, dp5900, apex_protection_storage, powerprotect_data_domain_management_center, emc_data_domain_os, dd6400, dd3300, dd9900, dd6900, dp4400, PowerProtect DD
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34367
Matching Score-8
Assigner-Dell
CVSS Score-5.4 (MEDIUM)
EPSS-0.22% / 44.11%
7 Day CHG~0.00%
Published-20 Jul, 2022 | 20:55
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, 19.6, contain(s) a Cross-Site Request Forgery Vulnerability. A(n) remote unauthenticated attacker could potentially exploit this vulnerability, leading to processing of unintended server operations.

Action-Not Available
Vendor-Dell Inc.
Product-emc_data_protection_central, Data Protection Central
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-3718
Matching Score-8
Assigner-Dell
CVSS Score-7.6 (HIGH)
EPSS-0.16% / 36.05%
7 Day CHG~0.00%
Published-18 Apr, 2019 | 19:58
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist, SupportAssist Client
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-34448
Matching Score-8
Assigner-Dell
CVSS Score-8.8 (HIGH)
EPSS-0.22% / 44.63%
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:51
Updated-26 Mar, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliance, PowerPath Management Appliance
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-26192
Matching Score-6
Assigner-Dell
CVSS Score-7.8 (HIGH)
EPSS-0.05% / 15.26%
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefs, PowerScale OneFS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-18572
Matching Score-6
Assigner-Dell
CVSS Score-8.3 (HIGH)
EPSS-1.31% / 79.90%
7 Day CHG~0.00%
Published-18 Dec, 2019 | 20:50
Updated-16 Sep, 2024 | 22:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.

Action-Not Available
Vendor-Dell Inc.
Product-rsa_identity_governance_and_lifecycle, RSA Identity Governance & Lifecycle
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-32460
Matching Score-6
Assigner-Dell
CVSS Score-8.8 (HIGH)
EPSS-0.04% / 11.64%
7 Day CHG~0.00%
Published-08 Dec, 2023 | 05:37
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-PowerEdge Platform
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-43994
Matching Score-6
Assigner-Dell
CVSS Score-8.6 (HIGH)
EPSS-0.09% / 24.67%
7 Day CHG~0.00%
Published-24 Oct, 2025 | 14:14
Updated-04 Nov, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-storage_manager, Dell Storage Manager
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-22449
Matching Score-6
Assigner-Dell
CVSS Score-6.6 (MEDIUM)
EPSS-0.03% / 9.06%
7 Day CHG~0.00%
Published-01 Feb, 2024 | 09:48
Updated-17 Jun, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefs, PowerScale OneFS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-21535
Matching Score-6
Assigner-Dell
CVSS Score-7.4 (HIGH)
EPSS-0.03% / 9.98%
7 Day CHG~0.00%
Published-30 Apr, 2021 | 17:40
Updated-16 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_client, Dell Hybrid Client (DHC)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-5326
Matching Score-6
Assigner-Dell
CVSS Score-6.1 (MEDIUM)
EPSS-0.06% / 17.09%
7 Day CHG~0.00%
Published-21 Feb, 2020 | 14:50
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.

Action-Not Available
Vendor-Dell Inc.
Product-Dell Client Consumer and Commercial Platforms
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-5373
Matching Score-6
Assigner-Dell
CVSS Score-6.5 (MEDIUM)
EPSS-0.28% / 51.01%
7 Day CHG~0.00%
Published-14 Jul, 2020 | 19:30
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.

Action-Not Available
Vendor-Dell Inc.
Product-emc_omimssc_for_sccm, emc_omimssc_for_scvmm, OMIMSSC (OpenManage Integration for Microsoft System Center)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-5328
Matching Score-6
Assigner-Dell
CVSS Score-9.8 (CRITICAL)
EPSS-0.39% / 60.13%
7 Day CHG~0.00%
Published-06 Mar, 2020 | 20:25
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefs, Isilon OneFS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-34227
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9 (MEDIUM)
EPSS-0.02% / 5.50%
7 Day CHG~0.00%
Published-31 Mar, 2026 | 15:25
Updated-03 Apr, 2026 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, ntds.dit) or destroying the entire compromised infrastructure, entirely through the operator's own browser. This issue has been patched in version 1.7.4.

Action-Not Available
Vendor-bishopfox, BishopFox
Product-sliver
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CVE-2019-9082
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 (HIGH)
EPSS-94.25% / 99.93%
7 Day CHG~0.00%
Published-24 Feb, 2019 | 18:00
Updated-09 Dec, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV | Action Due Date - 2022-05-03 | Apply updates per vendor instructions.

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

Action-Not Available
Vendor-zzzcms, thinkphp, opensourcebms, n/a, ThinkPHP
Product-zzzphp, thinkphp, open_source_background_management_system, n/a, ThinkPHP
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-25116
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.6 (HIGH)
EPSS-0.11% / 29.80%
7 Day CHG~0.00%
Published-29 Jan, 2026 | 21:49
Updated-26 Feb, 2026 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the `UserConfigController` allows any remote user to overwrite the system's `docker-compose.yml` configuration file. By exploiting insecure URN parsing, an attacker can replace the primary stack configuration with a malicious one, resulting in full Remote Code Execution (RCE) and host filesystem compromise the next time the instance is restarted by the operator. Version 4.7.2 fixes the vulnerability.

Action-Not Available
Vendor-runtipi
Product-runtipi
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-22812
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8 (HIGH)
EPSS-4.15% / 88.69%
7 Day CHG+0.60%
Published-12 Jan, 2026 | 22:49
Updated-21 Jan, 2026 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.

Action-Not Available
Vendor-anoma, anomalyco
Product-opencode
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-749
Exposed Dangerous Method or Function
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CVE-2024-43488
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8 (HIGH)
EPSS-2.52% / 85.47%
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:36
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code extension for Arduino Remote Code Execution Vulnerability

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_code, Visual Studio Code
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-20861
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8 (CRITICAL)
EPSS-0.24% / 47.72%
7 Day CHG~0.00%
Published-21 Jul, 2022 | 03:45
Updated-01 Nov, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboard, Cisco Nexus Dashboard
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-15858
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8 (HIGH)
EPSS-70.21% / 98.69%
7 Day CHG~0.00%
Published-03 Sep, 2019 | 06:14
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.

Action-Not Available
Vendor-webcraftic, n/a
Product-woody_ad_snippets, n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-38123
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.5 (HIGH)
EPSS-0.30% / 53.24%
7 Day CHG~0.00%
Published-03 May, 2024 | 01:59
Updated-13 Mar, 2025 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability

Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the server configuration. The issue results from the lack of authentication prior to allowing access to password change functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20540.

Action-Not Available
Vendor-inductiveautomation, Inductive Automation
Product-ignition, Ignition
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-27980
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8 (HIGH)
EPSS-1.44% / 80.81%
7 Day CHG~0.00%
Published-21 Mar, 2023 | 00:00
Updated-05 Feb, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)

Action-Not Available
Vendor-Schneider Electric SE
Product-custom_reports, igss_dashboard, igss_data_server, IGSS Dashboard (DashBoard.exe), IGSS Data Server (IGSSdataServer.exe), Custom Reports (RMS16.dll)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-34392
Matching Score-4
Assigner-Schweitzer Engineering Laboratories, Inc.
CVSS Score-8.2 (HIGH)
EPSS-0.09% / 24.95%
7 Day CHG~0.00%
Published-31 Aug, 2023 | 15:31
Updated-01 Oct, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication for Critical Function

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.

Action-Not Available
Vendor-Schweitzer Engineering Laboratories, Inc. (SEL)
Product-sel-5037_sel_grid_configurator, SEL-5037 SEL Grid Configurator
CWE ID-CWE-306
Missing Authentication for Critical Function