Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-44273

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-22 Jun, 2026 | 18:51
Updated At-24 Jun, 2026 | 03:56
Rejected At-
Credits

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:22 Jun, 2026 | 18:51
Updated At:24 Jun, 2026 | 03:56
Rejected At:
â–¼CVE Numbering Authority (CNA)

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.

Affected Products
Vendor
Dell Inc.Dell
Product
Wyse Management Suite (WMS)
Default Status
unaffected
Versions
Affected
  • From 0 before 2605 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1392CWE-1392: Use of Default Credentials
Type: CWE
CWE ID: CWE-1392
Description: CWE-1392: Use of Default Credentials
Metrics
VersionBase scoreBase severityVector
3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Dell would like to thank Christophe Schleypen - NATO OTAN for reporting this issue
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:22 Jun, 2026 | 20:16
Updated At:26 Jun, 2026 | 19:13

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Dell Inc.
dell
>>wyse_management_suite>>Versions before 2605(exclusive)
cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1392Secondarysecurity_alert@emc.com
CWE ID: CWE-1392
Type: Secondary
Source: security_alert@emc.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247security_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

33Records found

CVE-2026-44268
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-Not Assigned
Published-03 Jul, 2026 | 12:15
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-44269
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-Not Assigned
Published-03 Jul, 2026 | 12:09
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-46468
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-Not Assigned
Published-03 Jul, 2026 | 12:58
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-23157
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.23% / 13.64%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 20:00
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_device_agentDell Wyse Device Agent
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-21111
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.13% / 2.62%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 17:38
Updated-24 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_s670vxrail_e665_firmwarevxrail_p670n_firmwarevxrail_e665fvxrail_p675nvxrail_p570_vcfvxrail_p580nvxrail_g560_vcfvxrail_v570_firmwarevxrail_e560f_vcfvxrail_p580n_vcfvxrail_v570_vcf_firmwarevxrail_vd-4520c_firmwarevxrail_vd-4000zvxrail_e665f_firmwarevxrail_p570vxrail_p670nvxrail_e560fvxrail_v670fvxrail_d560f_firmwarevxrail_vd-4520cvxrail_e665vxrail_e660nvxrail_e560_vcf_firmwarevxrail_e660f_firmwarevxrail_p570f_firmwarevxrail_p580n_firmwarevxrail_e560nvxrail_v570_vcfvxrail_e660n_firmwarevxrail_p570_firmwarevxrail_e560f_firmwarevxrail_vd-4510cvxrail_g560vxrail_e560n_firmwarevxrail_e665nvxrail_p570_vcf_firmwarevxrail_p675f_firmwarevxrail_e560n_vcfvxrail_e660_firmwarevxrail_e560f_vcf_firmwarevxrail_vd-4000wvxrail_g560_vcf_firmwarevxrail_g560fvxrail_v470vxrail_e460_firmwarevxrail_s570_vcfvxrail_p570f_vcf_firmwarevxrail_p670f_firmwarevxrail_e460vxrail_e660vxrail_e560_vcfvxrail_s670_firmwarevxrail_p670fvxrail_p470_firmwarevxrail_d560vxrail_d560fvxrail_v570vxrail_vd-4510c_firmwarevxrail_e560_firmwarevxrail_s570_vcf_firmwarevxrail_g560_firmwarevxrail_s470vxrail_v470_firmwarevxrail_p570fvxrail_e665n_firmwarevxrail_g560f_firmwarevxrail_v670f_firmwarevxrail_p675n_firmwarevxrail_vd-4000rvxrail_d560_firmwarevxrail_s570vxrail_s470_firmwarevxrail_s570_firmwarevxrail_e660fvxrail_vd-4000r_firmwarevxrail_e560vxrail_vd-4000z_firmwarevxrail_e560n_vcf_firmwarevxrail_p570f_vcfvxrail_vd-4000w_firmwarevxrail_p675fvxrail_p580n_vcf_firmwarevxrail_p470Dell VxRail HCI
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-21102
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.16% / 5.70%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 11:25
Updated-24 Jan, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_s670vxrail_e665_firmwarevxrail_p670n_firmwarevxrail_e665fvxrail_p675nvxrail_p570_vcfvxrail_p580nvxrail_g560_vcfvxrail_v570_firmwarevxrail_e560f_vcfvxrail_p580n_vcfvxrail_v570_vcf_firmwarevxrail_vd-4520c_firmwarevxrail_vd-4000zvxrail_e665f_firmwarevxrail_p570vxrail_p670nvxrail_e560fvxrail_v670fvxrail_d560f_firmwarevxrail_vd-4520cvxrail_e665vxrail_e660nvxrail_e560_vcf_firmwarevxrail_e660f_firmwarevxrail_p570f_firmwarevxrail_p580n_firmwarevxrail_e560nvxrail_v570_vcfvxrail_e660n_firmwarevxrail_p570_firmwarevxrail_e560f_firmwarevxrail_vd-4510cvxrail_g560vxrail_e560n_firmwarevxrail_e665nvxrail_p570_vcf_firmwarevxrail_p675f_firmwarevxrail_e560n_vcfvxrail_e660_firmwarevxrail_e560f_vcf_firmwarevxrail_vd-4000wvxrail_g560_vcf_firmwarevxrail_g560fvxrail_v470vxrail_e460_firmwarevxrail_s570_vcfvxrail_p570f_vcf_firmwarevxrail_p670f_firmwarevxrail_e460vxrail_e660vxrail_e560_vcfvxrail_s670_firmwarevxrail_p670fvxrail_p470_firmwarevxrail_d560vxrail_d560fvxrail_v570vxrail_vd-4510c_firmwarevxrail_e560_firmwarevxrail_s570_vcf_firmwarevxrail_g560_firmwarevxrail_s470vxrail_v470_firmwarevxrail_p570fvxrail_e665n_firmwarevxrail_g560f_firmwarevxrail_v670f_firmwarevxrail_p675n_firmwarevxrail_vd-4000rvxrail_d560_firmwarevxrail_s570vxrail_s470_firmwarevxrail_s570_firmwarevxrail_e660fvxrail_vd-4000r_firmwarevxrail_e560vxrail_vd-4000z_firmwarevxrail_e560n_vcf_firmwarevxrail_p570f_vcfvxrail_vd-4000w_firmwarevxrail_p675fvxrail_p580n_vcf_firmwarevxrail_p470Dell VxRail HCI
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-23376
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-2.3||LOW
EPSS-0.14% / 3.86%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 14:34
Updated-13 May, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager Reporting
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-43590
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.14% / 4.15%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 20:35
Updated-16 Sep, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-enterprise_storage_analyticsDell EMC Enterprise Storage Analytics for vRealize Operations
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-36285
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.22% / 13.00%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_9520latitude_7320_firmwarelatitude_7280_firmwarelatitude_9410latitude_5310_2-in-1precision_3551latitude_7212_rugged_extreme_tablet_firmwarelatitude_7212_rugged_extreme_tabletlatitude_7420latitude_7480precision_3640_tower_firmwarelatitude_5500_firmwarelatitude_5511_firmwareoptiplex_3280_aio_firmwarelatitude_5310_2-in-1_firmwarelatitude_5520latitude_5411_firmwarelatitude_5500optiplex_3080_firmwarelatitude_7370latitude_7370_firmwareoptiplex_7480_aiolatitude_7420_firmwarelatitude_5400_firmwarelatitude_7480_firmwarelatitude_5320_firmwarelatitude_5511optiplex_3080latitude_9510precision_3551_ffirmwareoptiplex_7480_aio_firmwarelatitude_5320latitude_9410_firmwarelatitude_9520_firmwarelatitude_9510_firmwareoptiplex_3280_aiolatitude_5411latitude_5520_firmwareprecision_3640_towerlatitude_7280latitude_7320latitude_5400CPG BIOS
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-36284
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.22% / 13.00%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_9520latitude_7320_firmwarelatitude_7280_firmwarelatitude_9410latitude_5310_2-in-1precision_3551latitude_7212_rugged_extreme_tablet_firmwarelatitude_7212_rugged_extreme_tabletlatitude_7420latitude_7480precision_3640_tower_firmwarelatitude_5500_firmwarelatitude_5511_firmwareoptiplex_3280_aio_firmwarelatitude_5310_2-in-1_firmwarelatitude_5520latitude_5411_firmwarelatitude_5500optiplex_3080_firmwarelatitude_7370latitude_7370_firmwareoptiplex_7480_aiolatitude_7420_firmwarelatitude_5400_firmwarelatitude_7480_firmwarelatitude_5320_firmwarelatitude_5511optiplex_3080latitude_9510precision_3551_ffirmwareoptiplex_7480_aio_firmwarelatitude_5320latitude_9410_firmwarelatitude_9520_firmwarelatitude_9510_firmwareoptiplex_3280_aiolatitude_5411latitude_5520_firmwareprecision_3640_towerlatitude_7280latitude_7320latitude_5400CPG BIOS
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2026-24511
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.16% / 5.43%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 12:28
Updated-13 Apr, 2026 | 11:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-52543
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 6.54%
||
7 Day CHG~0.00%
Published-25 Dec, 2024 | 15:13
Updated-29 Jan, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-nativeedge_orchestratorNativeEdge
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-21512
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.9||HIGH
EPSS-0.25% / 16.63%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 16:30
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerprotect_cyber_recoveryCyber Recovery
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21558
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.25% / 16.28%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 18:05
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-34364
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.19% / 8.40%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 19:13
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. .

Action-Not Available
Vendor-Dell Inc.
Product-bsafe_ssl-jBSAFE SSL-J
CWE ID-CWE-1295
Debug Messages Revealing Unnecessary Information
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-34445
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.17% / 6.70%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:41
Updated-26 Mar, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-261
Weak Encoding for Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-39582
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-2.3||LOW
EPSS-0.15% / 4.22%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:04
Updated-31 Dec, 2025 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-insightiqPowerScale InsightIQ
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-29503
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.1||MEDIUM
EPSS-0.20% / 10.33%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 21:30
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstorePowerStore
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-28077
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.18% / 7.29%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 03:11
Updated-02 Aug, 2024 | 12:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.

Action-Not Available
Vendor-Dell Inc.
Product-bsafe_ssl-jDell BSAFE SSL-J
CWE ID-CWE-1295
Debug Messages Revealing Unnecessary Information
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-32483
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.12% / 2.24%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 11:49
Updated-17 Oct, 2024 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-23158
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.69% / 48.08%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 20:00
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server

Action-Not Available
Vendor-Dell Inc.
Product-wyse_device_agentDell Wyse Device Agent
CWE ID-CWE-183
Permissive List of Allowed Inputs
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-38296
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.21% / 11.23%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 02:58
Updated-04 Feb, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-edge_gateway_5200intel_management_engine_firmware_update_utilityedge_gateway_3200Edge Gateway 5200edge_gateway_5200_firmware
CWE ID-CWE-1421
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution
CVE-2024-37135
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.13% / 3.19%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 14:00
Updated-22 Nov, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-dm5500_firmwaredm5500Data Manager Appliance Software (DMAS)
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2021-21522
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.23% / 13.30%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5290_2-in-1latitude_7210_2-in-1_firmwarelatitude_7280_firmwarelatitude_9410xps_13_9360latitude_5310_2-in-1latitude_7290xps_13_9360_firmwarelatitude_7389latitude_7212_rugged_extreme_tablet_firmwarelatitude_7212_rugged_extreme_tabletlatitude_7490_firmwarelatitude_7420latitude_7480precision_3640_tower_firmwarelatitude_7390_firmwarelatitude_5285_2-in-1precision_5520latitude_5310_2-in-1_firmwarelatitude_7380_firmwarelatitude_7370latitude_7370_firmwarexps_13_9370latitude_7390_2-in-1_firmwareprecision_5510_firmwarelatitude_7285latitude_7390latitude_5289_2-in-1latitude_7420_firmwarelatitude_7480_firmwarelatitude_7290_firmwarelatitude_5289_2-in-1_firmwarelatitude_7210_2-in-1latitude_7310_firmwarelatitude_7390_2-in-1precision_5530_2-in-1precision_5530_2-in-1_firmwarelatitude_5285_2-in-1_firmwarexps_15_9575_2-in-1_firmwarelatitude_9510latitude_5290_2-in-1_firmwareprecision_5510latitude_7380latitude_7490latitude_7389_firmwarelatitude_9410_firmwarelatitude_7410precision_5520_firmwarelatitude_9510_firmwarelatitude_7310xps_15_9575_2-in-1precision_3640_towerlatitude_7285_firmwarexps_13_9370_firmwarelatitude_7280latitude_7410_firmwareCPG BIOS
CWE ID-CWE-255
Not Available
CVE-2022-34449
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.18% / 7.36%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:53
Updated-24 Mar, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-22285
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.10% / 1.14%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 16:01
Updated-05 Mar, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access.

Action-Not Available
Vendor-Dell Inc.
Product-device_management_agentDevice Management Agent (DDMA)
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2022-31239
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.23% / 13.34%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 18:05
Updated-07 May, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-43938
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-0.10% / 1.27%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 16:03
Updated-20 Oct, 2025 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2025-43886
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.15% / 4.39%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 16:08
Updated-20 Oct, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2025-43724
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.12% / 1.88%
||
7 Day CHG~0.00%
Published-08 Oct, 2025 | 14:45
Updated-31 Oct, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-32652
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 0.98%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 15:29
Updated-23 Jun, 2026 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earlier than 1.18.3. Systems that have been upgraded (either manually or automatically) to version 1.18.3 or later are not impacted, even if they were originally installed on an earlier version.

Action-Not Available
Vendor-Dell Inc.
Product-aiops_collectorAIOps
CWE ID-CWE-1392
Use of Default Credentials
CVE-2026-22273
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.33% / 25.14%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 09:14
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-objectscaleelastic_cloud_storageObjectScale
CWE ID-CWE-1392
Use of Default Credentials
CVE-2024-39584
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.20% / 10.32%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 05:46
Updated-20 Dec, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_x15_r2_firmwarealienware_aurora_r13_firmwarealienware_x17_r2alienware_x17_r1alienware_m17_r4_firmwarealienware_x15_r2alienware_m17_r3alienware_aurora_r15_amd_firmwarealienware_area_51m_r2_firmwarealienware_aurora_ryzen_edition_r14_firmwarexps_8960xps_8950alienware_x15_r1_firmwarealienware_x15_r1xps_8960_firmwarealienware_aurora_ryzen_edition_r14inspiron_3502_firmwarealienware_aurora_r13inspiron_15_3521_firmwareinspiron_15_3510alienware_m17_r4alienware_area_51m_r2xps_8950_firmwarealienware_x17_r1_firmwarealienware_x14_firmwarealienware_m15_r3_firmwarealienware_m17_r3_firmwarealienware_x17_r2_firmwarealienware_m15_r4alienware_x14inspiron_3502inspiron_15_3521alienware_m15_r3alienware_aurora_r15_amdalienware_aurora_r15aurora_r16inspiron_15_3510_firmwarealienware_aurora_r15_firmwareaurora_r16_firmwareDell Client Platform BIOSalienware_x15_r1_firmwarealienware_aurora_r15_amd_firmwarealienware_m17_r3_firmwarealienware_x14_firmware
CWE ID-CWE-1392
Use of Default Credentials
Details not found