Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-49502

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-17 Jun, 2026 | 14:30
Updated At-18 Jun, 2026 | 14:29
Rejected At-
Credits

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:17 Jun, 2026 | 14:30
Updated At:18 Jun, 2026 | 14:29
Rejected At:
â–¼CVE Numbering Authority (CNA)

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access.

Affected Products
Vendor
Dell Inc.Dell
Product
PowerFlex
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.0.1 or later (semver)
  • From 0 before 4.5.5.2 or later (semver)
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287: Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287: Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
other
Dell would like to thank brocked200 for reporting this issue.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:17 Jun, 2026 | 15:16
Updated At:22 Jun, 2026 | 18:33

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.4HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary3.18.1HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches
Dell Inc.
dell
>>powerflex_manager>>Versions before 4.5.5.2(exclusive)
cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>powerflex_manager>>Versions from 4.6.0(inclusive) to 5.1.0.1(exclusive)
cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Secondarysecurity_alert@emc.com
CWE ID: CWE-287
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

40Records found
CVE-2025-22478
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.24% / 14.14%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 15:55
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2026-22764
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 11.92%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 10:56
Updated-13 Feb, 2026 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_network_integrationOpenManage Network Integration
CWE ID-CWE-287
Improper Authentication
CVE-2022-34379
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.4||CRITICAL
EPSS-0.85% / 53.44%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 18:45
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-287
Improper Authentication
CVE-2022-34380
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.3||CRITICAL
EPSS-0.19% / 8.97%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 18:45
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-287
Improper Authentication
CVE-2017-8023
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-5.88% / 92.25%
||
7 Day CHG~0.00%
Published-01 Apr, 2019 | 20:54
Updated-16 Sep, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EMC Networker Remote Code Execution Vulnerability

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetworker
CWE ID-CWE-287
Improper Authentication
CVE-2022-29083
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 27.25%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:15
Updated-14 Apr, 2026 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5410xps_8940inspiron_5310inspiron_3470precision_7730_firmwarevostro_5510_firmwareprecision_3551optiplex_7470vostro_5491precision_7730optiplex_7770_firmwareprecision_3640_tower_firmwareinspiron_7610precision_3650_towervostro_3881_firmwarevostro_3490_firmwarelatitude_5511_firmwarelatitude_7210_firmwareinspiron_5493precision_3550latitude_5510vostro_3888inspiron_7490vostro_3888_firmwareoptiplex_5070_firmwareinspiron_7610_firmwareprecision_7540wyse_5470vostro_3501_firmwarewyse_5070inspiron_3593_firmwareoptiplex_5080precision_3440inspiron_5494_firmwarelatitude_5511precision_3440_firmwarevostro_3070_firmwareg5_5000_firmwareoptiplex_7460_firmwareoptiplex_7071vostro_5310inspiron_5510_firmwareprecision_3550_firmwarelatitude_9410_firmwarelatitude_7410vostro_15_7580_firmwareg5_5587_firmwarevostro_15_7580latitude_5411g7_7588_firmwareoptiplex_3070_firmwarelatitude_7410_firmwareprecision_7740_firmwareg3_3579_firmwarevostro_3590_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_3780optiplex_7760_firmwarevostro_3681vostro_5491_firmwarelatitude_5410_firmwarechengming_3980_firmwarevostro_5090_firmwareinspiron_3780_firmwareinspiron_7490_firmwareprecision_3530g7_7588latitude_5411_firmwarelatitude_3120_firmwareinspiron_3470_firmwarelatitude_5591inspiron_3593optiplex_7070_ultraprecision_7740inspiron_3880_firmwareinspiron_5310_firmwareg5_5090latitude_7310_firmwareoptiplex_7071_firmwareoptiplex_5080_firmwareinspiron_3790_firmwarelatitude_9510inspiron_5493_firmwareoptiplex_5070inspiron_3480inspiron_3480_firmwareprecision_3930_rack_firmwareinspiron_3670g5_5000inspiron_3793_firmwareprecision_3430_tower_firmwarevostro_3681_firmwareoptiplex_5060_firmwarevostro_3580_firmwarelatitude_9510_firmwarevostro_3590precision_3640_toweroptiplex_3090_firmwarevostro_5510optiplex_7770optiplex_5270precision_7530_firmwareinspiron_5410latitude_9410latitude_5510_firmwareinspiron_3790optiplex_7070optiplex_7080_firmwarevostro_3670vostro_3583_firmwareinspiron_3670_firmwarelatitude_3190_firmwareinspiron_5410_firmwarelatitude_5310inspiron_5494inspiron_3501_firmwarevostro_5410_firmwareg3_3779_firmwareinspiron_5594latitude_7210inspiron_3880precision_3431_tower_firmwareoptiplex_3080_firmwareinspiron_5510precision_7550_firmwareprecision_3930_rackprecision_7550vostro_3490chengming_3991vostro_5591inspiron_3881vostro_5090latitude_3190optiplex_3080inspiron_3881_firmwarevostro_7510_firmwarelatitude_5591_firmwareinspiron_3501optiplex_5260latitude_5310_firmwarevostro_7510vostro_3070inspiron_3793inspiron_7510_firmwareprecision_3430_towerinspiron_3580_firmwarevostro_3501latitude_7310optiplex_5260_firmwarewyse_5070_firmwarechengming_3990vostro_3670_firmwarevostro_3583xps_8940_firmwarelatitude_5491_firmwarechengming_3990_firmwarevostro_5880_firmwarewyse_5470_all-in-one_firmwarelatitude_3120optiplex_3090vostro_3480inspiron_3493inspiron_5594_firmwarechengming_3980precision_3551_firmwarevostro_5410precision_7540_firmwareoptiplex_7070_ultra_firmwareoptiplex_7760optiplex_3060vostro_3401_firmwareoptiplex_5060inspiron_5593_firmwareoptiplex_7060vostro_3881inspiron_5593vostro_5310_firmwarewyse_5470_firmwareprecision_3630_towerg5_5587vostro_3470wyse_5470_all-in-oneg5_5090_firmwareinspiron_7510optiplex_3070inspiron_3493_firmwareprecision_3530_firmwarelatitude_3320optiplex_5270_firmwareprecision_7530precision_3240_compactprecision_7750_firmwareoptiplex_7470_firmwarevostro_3480_firmwareoptiplex_7460optiplex_xe3_firmwarevostro_3401chengming_3991_firmwareprecision_7750vostro_3580vostro_5880optiplex_7070_firmwareoptiplex_xe3latitude_3320_firmwareprecision_3650_tower_firmwareoptiplex_7060_firmwareinspiron_3580latitude_5491precision_3240_compact_firmwareg3_3579g3_3779precision_3630_tower_firmwarevostro_3470_firmwareoptiplex_7080vostro_5591_firmwareCPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2018-1237
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-1.58% / 72.41%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 21:00
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA.

Action-Not Available
Vendor-Dell Inc.
Product-emc_scaleioScaleIO
CWE ID-CWE-287
Improper Authentication
CVE-2022-26858
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 5.98%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 20:15
Updated-27 May, 2026 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareoptiplex_7770_all-in-onexps_15_9510_firmwareinspiron_3470latitude_e7270inspiron_7300_firmwarelatitude_3520vostro_3468precision_3561_firmwareinspiron_7570vostro_3669xps_17_9710_firmwareg5_15_5587inspiron_5590_firmwareprecision_7560g7_17_7790_firmwarelatitude_5179latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwarelatitude_e5270precision_7540wyse_7040_thin_clientwyse_5070latitude_9420inspiron_5490_firmwarelatitude_5590optiplex_5080inspiron_5502latitude_5511latitude_7390_2-in-1inspiron_7501precision_5530_2-in-1inspiron_7300_2-in-1precision_5550xps_17_9700inspiron_7580_firmwareprecision_7720vostro_5581_firmwarelatitude_5300vostro_3400latitude_3380_firmwareoptiplex_7760_aiog3_3500precision_5530_firmwareoptiplex_5040vostro_15_7580optiplex_5050latitude_7320latitude_3470inspiron_15_gaming_7577latitude_7300optiplex_7090optiplex_3050_aioprecision_3620_towervostro_5468g7_17_7700_firmwarexps_13_9360optiplex_5055_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_5490_aio_firmwareinspiron_7000latitude_3420latitude_3590_firmwarelatitude_7490_firmwarevostro_5491_firmwareprecision_5520latitude_5310_2-in-1_firmwareinspiron_7490_firmwareinspiron_5409latitude_7400latitude_5591optiplex_5270_all-in-one_firmwareinspiron_3471inspiron_3511_firmwarelatitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwarelatitude_5175_firmwareinspiron_7586optiplex_3040_firmwarelatitude_3400optiplex_5070latitude_3420_firmwareg5_5000inspiron_13_5378_firmwarexps_15_9575_2-in-1inspiron_5491_2-in-1_firmwarelatitude_7285_firmwareoptiplex_3090_firmwareoptiplex_3240_all-in-onexps_13_9370_firmwarevostro_3581_firmwareinspiron_7506_2-in-1_firmwarelatitude_7320_detachable_firmwarevostro_3581latitude_9410optiplex_7070latitude_3570optiplex_7080_firmwarelatitude_5420_rugged_firmwareinspiron_5491_aio_firmwareinspiron_15_5578_firmwarelatitude_5310vostro_5391latitude_3301inspiron_5594latitude_5420_ruggedoptiplex_7090_ultra_firmwarevostro_3268_firmwarevostro_3660inspiron_7000_firmwarelatitude_7220_rugged_extreme_tabletprecision_3450inspiron_5510latitude_7390_2-in-1_firmwarelatitude_5495inspiron_5400latitude_7480_firmwarevostro_3568latitude_e5470_firmwarevostro_5591vostro_5090precision_5560latitude_3190vostro_5370latitude_7220ex_rugged_extreme_tablet_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488latitude_5521vostro_3478latitude_7380optiplex_5480_all-in-one_firmwareprecision_3540inspiron_3910inspiron_7510_firmwareinspiron_3580_firmwarelatitude_7520inspiron_3781_firmwarevostro_5370_firmwarewyse_5070_firmwarevostro_3670_firmwareinspiron_15_gaming_7577_firmwarelatitude_3310latitude_7414_rugged_extreme_firmwarelatitude_5290_2-in-1precision_7520vostro_3660_firmwarewyse_5470_all-in-one_firmwareinspiron_5482precision_7820_toweroptiplex_3090latitude_7290vostro_5410latitude_7212_rugged_extreme_tablet_firmwareinspiron_5402precision_7540_firmwareinspiron_7700_aiolatitude_7480vostro_3401_firmwareinspiron_7391_firmwarevostro_3881vostro_5401edge_gateway_5000_firmwareinspiron_5593wyse_5470_firmwarelatitude_5420_firmwareprecision_3561inspiron_7580vostro_5390_firmwareinspiron_5770latitude_3580vostro_5300precision_5820_tower_firmwareinspiron_3493_firmwarelatitude_3190_2-in-1_firmwarevostro_5301xps_15_9510inspiron_5480_firmwareinspiron_3590latitude_7210_2-in-1optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarealienware_m15_r6_firmwareoptiplex_5270_all-in-oneinspiron_5410_2-in-1optiplex_xe3vostro_3584precision_5510latitude_3301_firmwareinspiron_7370vostro_3481_firmwarelatitude_5491latitude_9520_firmwareprecision_5560_firmwarevostro_5468_firmwarevostro_3690_firmwareoptiplex_7040inspiron_7386latitude_5520_firmwareoptiplex_5090optiplex_5480_all-in-oneinspiron_5591_2-in-1_firmwarelatitude_7280latitude_5400latitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwareprecision_3551vostro_5491precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwareinspiron_7610latitude_7275_2-in-1_firmwarevostro_5301_firmwareg7_17_7790vostro_5890embedded_box_pc_3000inspiron_5400_2-in-1latitude_7285inspiron_7570_firmwarelatitude_5400_firmwareinspiron_7610_firmwareoptiplex_7770_all-in-one_firmwareinspiron_5400_2-in-1_firmwareinspiron_7391vostro_3671_firmwareprecision_3440vostro_5402optiplex_7090_ultrag5_5000_firmwareoptiplex_7470_all-in-oneoptiplex_7460_firmwareoptiplex_5250_firmwareinspiron_3576inspiron_3671_firmwareinspiron_7500_2-in-1_firmwareinspiron_5510_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwarelatitude_7214inspiron_3781vostro_3690inspiron_3576_firmwareinspiron_5300_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwareoptiplex_7490_all-in-onevostro_7500inspiron_7590_firmwareinspiron_7791_firmwarevostro_3568_firmwareprecision_7740_firmwareinspiron_15_3567latitude_7389vostro_3681inspiron_5570_firmwareprecision_7920_towerlatitude_7400_2-in-1_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwarelatitude_3510_firmwareinspiron_3470_firmwareinspiron_3593optiplex_7070_ultrainspiron_5370precision_7740xps_13_9365inspiron_3481_firmwareprecision_5530latitude_7275_2-in-1latitude_7310_firmwareoptiplex_7440_aioinspiron_15_5579_firmwareinspiron_7306_2-in-1xps_13_9310_firmwareinspiron_3790_firmwarelatitude_9510optiplex_3280_all-in-oneinspiron_5770_firmwareinspiron_7586_firmwareprecision_5760_firmwarelatitude_3180_firmwarevostro_3681_firmwarevostro_3580_firmwareinspiron_3581_firmwareinspiron_17_7773latitude_9510_firmwarevostro_5890_firmwareinspiron_3910_firmwareinspiron_5406_2-in-1optiplex_5490_aio_firmwareprecision_7760_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwareinspiron_3511vostro_3668xps_13_9305_firmwareinspiron_5410latitude_7280_firmwarevostro_5502vostro_3670edge_gateway_3000latitude_5280latitude_5179_firmwareoptiplex_7780_all-in-oneinspiron_5490inspiron_15_5578inspiron_3501_firmwarelatitude_5300_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareprecision_3930_rackprecision_7550vostro_3490inspiron_5391g5_15_5590_firmwareinspiron_5598latitude_5320_firmwarexps_7590_firmwareoptiplex_3080latitude_3480precision_5750latitude_rugged_5430vostro_3671inspiron_7591latitude_7310inspiron_7790latitude_5421_firmwareinspiron_7500inspiron_7790_firmwareg15_5511latitude_3379precision_5760vostro_3584_firmwareoptiplex_7480_all-in-onechengming_3990_firmwarevostro_3478_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareoptiplex_7070_ultra_firmwareinspiron_7700_aio_firmwarevostro_3400_firmwarevostro_5310_firmwareoptiplex_7060latitude_5290_firmwarelatitude_7424_rugged_extremeinspiron_13_5379_firmwareoptiplex_7480_all-in-one_firmwareg5_5090_firmwareoptiplex_3240_all-in-one_firmwarelatitude_7390vostro_3500g3_15_3590latitude_3390_firmwareprecision_3240_compactinspiron_14_3476precision_7750_firmwarelatitude_3520_firmwarelatitude_5285_2-in-1_firmwareinspiron_5490_aiovostro_3401chengming_3991_firmwarevostro_3480_firmwarevostro_7590_firmwareprecision_3510_firmwareinspiron_7400inspiron_7370_firmwareprecision_3650_tower_firmwarelatitude_7389_firmwareinspiron_7500_2-in-1optiplex_7470_all-in-one_firmwarevostro_3510latitude_e7470precision_3630_tower_firmwareoptiplex_5040_firmwarexps_13_9310_2-in-1inspiron_3581inspiron_13_7378vostro_5568inspiron_5400_firmwareinspiron_15_5566_firmwarelatitude_5424_ruggedlatitude_5488_firmwareinspiron_5583inspiron_7500_firmwareprecision_3541_firmwareinspiron_5591_2-in-1g5_5500g5_15_5587_firmwareinspiron_15_7572inspiron_7506_2-in-1vostro_5568_firmwareg7_7500precision_3650_towerinspiron_7373latitude_7200_2-in-1latitude_5511_firmwarevostro_3490_firmwarevostro_3881_firmwareoptiplex_7040_firmwareinspiron_5493precision_3550inspiron_3891_firmwarelatitude_7370_firmwarelatitude_7370optiplex_3090_ultra_firmwarelatitude_7420_firmwareoptiplex_5070_firmwareinspiron_5501vostro_5501_firmwarelatitude_3310_2-in-1inspiron_5390_firmwareoptiplex_3090_ultralatitude_5490vostro_3070_firmwareinspiron_7390_firmwarexps_7590latitude_3190_2-in-1optiplex_7071edge_gateway_5000vostro_3481inspiron_3891inspiron_7786vostro_5310xps_13_9305latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwarelatitude_3180inspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwarelatitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_7090_firmwareoptiplex_3070_firmwareg15_5511_firmwarelatitude_7410_firmwarevostro_3667latitude_e7470_firmwareoptiplex_5260_all-in-oneprecision_7720_firmwarelatitude_5310_2-in-1vostro_3910inspiron_5491_aioinspiron_13_5378inspiron_3780inspiron_7380_firmwareg5_5500_firmwarelatitude_rugged_7330_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarelatitude_3400_firmwarevostro_3890latitude_3510precision_3560_firmwareinspiron_5584precision_3520inspiron_17_7773_firmwareinspiron_7573_firmwarelatitude_5495_firmwarelatitude_e5570vostro_5401_firmwareinspiron_3880_firmwareinspiron_5310_firmwareinspiron_5501_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5055optiplex_5080_firmwarelatitude_e5270_firmwareinspiron_5493_firmwarevostro_3471xps_17_9700_firmwareinspiron_3480_firmwareoptiplex_5060_firmwarevostro_3590vostro_5390vostro_3578vostro_5590_firmwarelatitude_3470_firmwareprecision_7530_firmwareinspiron_3790vostro_3583_firmwareinspiron_15_5566latitude_3190_firmwareinspiron_5494xps_15_9500latitude_5500inspiron_15_5582inspiron_5508_firmwareprecision_7550_firmwarelatitude_3500_firmwarechengming_3991latitude_5288_firmwareinspiron_7501_firmwareinspiron_5480optiplex_7760_aio_firmwareg15_5510_firmwarevostro_7510_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwarevostro_7510inspiron_7791latitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590vostro_3501precision_3450_firmwareinspiron_7472_firmwarechengming_3990inspiron_5301vostro_3583latitude_5491_firmwarevostro_5880_firmwarexps_17_9710inspiron_3493precision_5750_firmwarelatitude_7214_firmwarexps_13_9365_firmwareoptiplex_3060optiplex_5060latitude_5285_2-in-1chengming_3988_firmwareinspiron_5482_firmwarelatitude_3410_firmwarelatitude_5520inspiron_7510vostro_5481wyse_5470_all-in-oneinspiron_7400_firmwareprecision_3530_firmwarelatitude_3320inspiron_5583_firmwarexps_13_9310_2-in-1_firmwarelatitude_5580_firmwarelatitude_3189inspiron_5410_2-in-1_firmwarexps_15_9575_2-in-1_firmwarevostro_3580precision_7750inspiron_7472latitude_5175inspiron_14_3467_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarelatitude_3320_firmwareinspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080vostro_3578_firmwareg15_5510vostro_7500_firmwarelatitude_5480inspiron_5310vostro_5510_firmwarevostro_5471_firmwareinspiron_14_3476_firmwareoptiplex_3046vostro_3468_firmwarelatitude_5414_rugged_firmwarelatitude_5424_rugged_firmwarelatitude_rugged_7330inspiron_15_5582_firmwarelatitude_7300_firmwarelatitude_5421latitude_9420_firmwarelatitude_5510g7_17_7700inspiron_5401_aio_firmwarevostro_5300_firmwarewyse_5470optiplex_5090_firmwarevostro_3501_firmwareinspiron_3593_firmwareoptiplex_7780_all-in-one_firmwarevostro_3710_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwarexps_27_7760inspiron_7786_firmwarelatitude_3310_2-in-1_firmwareinspiron_15_5579latitude_5320latitude_7410inspiron_3590_firmwarelatitude_5501_firmwarexps_27_7760_firmwareoptiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411precision_7760optiplex_7450_firmwareinspiron_7306_2-in-1_firmwareoptiplex_7450vostro_3500_firmwareoptiplex_3050_aio_firmwareinspiron_15_3567_firmwareg3_3579_firmwarelatitude_7320_detachableinspiron_5509latitude_3480_firmwarelatitude_3189_firmwarelatitude_9520xps_13_9360_firmwarevostro_3590_firmwareinspiron_5406_2-in-1_firmwareinspiron_5498optiplex_7440_aio_firmwarelatitude_7420inspiron_7591_firmwarelatitude_5290inspiron_5300inspiron_7706_2-in-1inspiron_5508latitude_5289_firmwareprecision_5550_firmwarechengming_3980_firmwareinspiron_5491_2-in-1g7_7500_firmwarelatitude_3120_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwareinspiron_5590vostro_5481_firmwarevostro_5490inspiron_5301_firmwarevostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671inspiron_5408_firmwareinspiron_5498_firmwareprecision_5540vostro_5490_firmwareinspiron_3480latitude_7520_firmwarelatitude_3490precision_3930_rack_firmwarevostro_3710inspiron_3670latitude_5420inspiron_7300inspiron_3793_firmwareinspiron_5402_firmwareinspiron_7390precision_3430_tower_firmwareprecision_7560_firmwarelatitude_3300_firmwarevostro_5471latitude_7400_2-in-1precision_3640_towervostro_5510inspiron_3490vostro_5581latitude_7210_2-in-1_firmwarelatitude_rugged_5430_firmwarexps_13_9310latitude_5510_firmwarevostro_3510_firmwareinspiron_3670_firmwarevostro_15_7570inspiron_5410_firmwarelatitude_7212_rugged_extreme_tabletlatitude_e5570_firmwareinspiron_5408latitude_7220_rugged_extreme_tablet_firmwarevostro_5410_firmwarevostro_5502_firmwareprecision_3540_firmwareoptiplex_3046_firmwarelatitude_3380latitude_5289g3_3500_firmwareprecision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3080_firmwarelatitude_3410precision_5510_firmwarevostro_5402_firmwareprecision_3420_towerg5_15_5590optiplex_7490_all-in-one_firmwareinspiron_3881xps_13_9380latitude_7220ex_rugged_extreme_tabletlatitude_7414_rugged_extremeprecision_3420_tower_firmwarelatitude_5490_firmwarelatitude_5591_firmwareinspiron_3501latitude_5310_firmwarelatitude_3500vostro_3070inspiron_3793precision_3430_towerinspiron_5481_firmwarealienware_m15_r6precision_5520_firmwarevostro_3890_firmwareoptiplex_5490_aiochengming_3988xps_15_7590latitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareedge_gateway_3000_firmwareprecision_5540_firmwareinspiron_5401_firmwareinspiron_7573vostro_5501vostro_5590xps_8940_firmwarelatitude_7320_firmwarelatitude_3120vostro_3480precision_3560inspiron_5401_aiooptiplex_5260_all-in-one_firmwareinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareprecision_3630_towerlatitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedoptiplex_3070inspiron_13_7378_firmwareoptiplex_3040vostro_3910_firmwarelatitude_7290_firmwareprecision_7530inspiron_5370_firmwareinspiron_5391_firmwareinspiron_5502_firmwareoptiplex_7460xps_15_7590_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3490_firmwareinspiron_5409_firmwareprecision_3510xps_13_9380_firmwareinspiron_13_5379inspiron_5390latitude_5288latitude_7490optiplex_7060_firmwareprecision_3240_compact_firmwarelatitude_5521_firmwareinspiron_5401optiplex_5250vostro_3667_firmwareprecision_7920_tower_firmwarevostro_5591_firmwarevostro_15_7570_firmwareCPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2022-26870
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.62% / 45.16%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 18:05
Updated-07 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.

Action-Not Available
Vendor-Dell Inc.
Product-powerstoreosPowerStore
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-26865
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.29% / 20.62%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoveryDell OS Recovery Tool
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-24422
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-53.82% / 98.86%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9Integrated Dell Remote Access Controller 9
CWE ID-CWE-287
Improper Authentication
CVE-2022-23156
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.24% / 14.49%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 20:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_device_agentDell Wyse Device Agent
CWE ID-CWE-287
Improper Authentication
CVE-2026-32804
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.22% / 11.78%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 14:36
Updated-22 Jun, 2026 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-powerflex_managerPowerFlex
CWE ID-CWE-287
Improper Authentication
CVE-2006-2113
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-1.90% / 76.99%
||
7 Day CHG~0.00%
Published-25 Aug, 2006 | 01:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.

Action-Not Available
Vendor-fuji_xeroxn/aDell Inc.
Product-3100cndocuprint_181docuprint_211_network_option_carddocuprint_c1616docuprint_c525a_network_option_carddocuprint_c525adocuprint_c2535adocuprint_c8303110cnfuji_xerox_printing_systems_print_enginedocuprint_c830_network_option_carddocuprint_181_network_option_cardphaser_6201jdocuprint_c1616_network_option_card3000cndocuprint_2115100cn3010cn5110cnn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-36350
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-1.09% / 61.07%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-287
Improper Authentication
CVE-2021-36346
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-4.18% / 89.61%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.

Action-Not Available
Vendor-Dell Inc.
Product-integrated_dell_remote_access_controller_8_firmwareintegrated_dell_remote_access_controller_8Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-287
Improper Authentication
CVE-2021-36308
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-3.20% / 86.48%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-16 Sep, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Networking OS
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2021-21544
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.92% / 55.64%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 20:55
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-287
Improper Authentication
CVE-2021-21513
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-5.74% / 92.06%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 16:00
Updated-16 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell Open Manage Server Administrator
CWE ID-CWE-287
Improper Authentication
CVE-2021-21502
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-1.41% / 69.21%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-287
Improper Authentication
CVE-2021-21564
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-1.58% / 72.40%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 03:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterpriseDell OpenManage Enterprise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2021-21538
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-1.73% / 74.58%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 15:55
Updated-17 Sep, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-287
Improper Authentication
CVE-2021-36306
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-3.57% / 87.87%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Networking OS
CWE ID-CWE-287
Improper Authentication
CVE-2025-46607
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.37% / 28.52%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 11:13
Updated-05 May, 2026 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-287
Improper Authentication
CVE-2025-46641
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.35% / 27.17%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 11:19
Updated-05 May, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-287
Improper Authentication
CVE-2025-43995
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 52.49%
||
7 Day CHG-0.00%
Published-24 Oct, 2025 | 14:09
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Manager
CWE ID-CWE-287
Improper Authentication
CVE-2020-5384
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.39% / 30.55%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-multifactor_authentication_agentRSA Authentication Agent for Microsoft Windows
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2025-26475
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 4.53%
||
7 Day CHG+0.01%
Published-19 Mar, 2025 | 15:13
Updated-20 May, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Appliance - SRS
CWE ID-CWE-287
Improper Authentication
CVE-2023-44302
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-1.12% / 61.86%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 08:44
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_manager_dm5500_firmwarepowerprotect_data_manager_dm5500Dell PowerProtect Data Manager DM5500 Appliance
CWE ID-CWE-287
Improper Authentication
CVE-2025-22477
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.26% / 17.01%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 16:03
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-287
Improper Authentication
CVE-2013-4783
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.38% / 87.23%
||
7 Day CHG~0.00%
Published-08 Jul, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."

Action-Not Available
Vendor-n/aDell Inc.
Product-idrac6_bmcn/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-28073
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.17% / 6.56%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:42
Updated-04 Dec, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5530precision_3570_firmwarelatitude_5530_firmwareprecision_3570CPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2022-34372
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-1.03% / 59.27%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 18:45
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_cyber_recoveryCyber Recovery
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2010-0834
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-9.3||HIGH
EPSS-2.71% / 84.07%
||
7 Day CHG~0.00%
Published-09 Aug, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

Action-Not Available
Vendor-n/aUbuntuDell Inc.
Product-ubuntu_linuxlatitude_2110_netbookn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0695
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-69.60% / 99.27%
||
7 Day CHG~0.00%
Published-19 Jun, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.

Action-Not Available
Vendor-n/aDell Inc.
Product-wyse_device_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-32453
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.6||MEDIUM
EPSS-0.21% / 11.19%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 19:22
Updated-02 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_9330inspiron_15_3511vostro_5510_firmwareinspiron_7500_firmwarevostro_5491optiplex_tower_plus_7010_firmwareinspiron_7610precision_3650_towerlatitude_rugged_7330chengming_3910_firmwarelatitude_3430_firmwareinspiron_5493optiplex_7410_all-in-oneprecision_7960_towerinspiron_24_5420_all-in-oneinspiron_3891_firmwarevostro_5890optiplex_3000g7_17_7700inspiron_7490inspiron_24_5421_all-in-onelatitude_7420_firmwareprecision_5860_tower_firmwareinspiron_7610_firmwarexps_13_7390_2-in-1_firmwarexps_13_9315inspiron_15_3511_firmwareoptiplex_5090_firmwareinspiron_3593_firmwareprecision_5470_firmwarelatitude_9330_firmwarevostro_3710_firmwareinspiron_7501inspiron_7300_2-in-1chengming_3911_firmwareg7_15_7500_firmwareprecision_7960_tower_firmwareoptiplex_3000_firmwareinspiron_3891latitude_3330xps_13_9305g3_3500xps_13_7390_2-in-1alienware_m18inspiron_7300_2-in-1_firmwareoptiplex_7090_firmwarevostro_3690g16_7620_firmwarevostro_3020_sff_firmwareprecision_3460_small_form_factor_firmwarevostro_3020_t_firmwarevostro_7500optiplex_7490_all-in-onelatitude_7320alienware_m15_r7g5_15_5500_firmwareoptiplex_7090latitude_9520precision_3660g7_17_7700_firmwarevostro_3910inspiron_14_5418_firmwarelatitude_7230_rugged_extreme_tablet_firmwarelatitude_3440latitude_7420inspiron_3020_desktoplatitude_rugged_7330_firmwarevostro_3020_tvostro_5491_firmwarelatitude_5430xps_13_7390inspiron_7490_firmwarelatitude_3530_firmwarelatitude_3400_firmwareinspiron_24_5420_all-in-one_firmwarevostro_3890chengming_3901_firmwareinspiron_3593inspiron_15_5518_firmwareoptiplex_tower_plus_7010inspiron_3511_firmwareprecision_5860_toweroptiplex_3000_thin_clientg7_15_7500inspiron_14_5410xps_13_9310_firmwarexps_13_7390_firmwareinspiron_5493_firmwarelatitude_3400latitude_7520_firmwarelatitude_5431vostro_3710optiplex_3000_thin_client_firmwarelatitude_5420optiplex_xe4_firmwareinspiron_3793_firmwareprecision_5470vostro_5890_firmwareoptiplex_micro_plus_7010latitude_3440_firmwareinspiron_3910_firmwareg15_5520_firmwarelatitude_3530inspiron_15_5510optiplex_small_form_factor_plus_7010precision_3470_firmwareinspiron_3511vostro_5510xps_13_9305_firmwarelatitude_rugged_5430_firmwarexps_13_9310inspiron_5410optiplex_7400_all-in-onevostro_3020_sffvostro_3510_firmwareoptiplex_7000chengming_3901latitude_3340_firmwareinspiron_5410_firmwarealienware_m16latitude_3540_firmwareinspiron_15_5510_firmwarevostro_5410_firmwarelatitude_5431_firmwarelatitude_3301inspiron_27_7720_all-in-one_firmwarexps_13_9300g3_3500_firmwareg16_7620precision_3450chengming_3900latitude_3500_firmwarechengming_3900_firmwarexps_15_9520_firmwareprecision_5680_firmwareoptiplex_7490_all-in-one_firmwarevostro_5591precision_3260_xe_compact_firmwareprecision_3260_xe_compactinspiron_7501_firmwareprecision_3660_firmwareoptiplex_5400_all-in-one_firmwarechengming_3910inspiron_7500_2-in-1_blacklatitude_3330_firmwarexps_13_9315_firmwarevostro_7510_firmwarelatitude_3140latitude_3500vostro_7510xps_13_9300_firmwareinspiron_3793precision_5570_firmwareinspiron_3910inspiron_27_7720_all-in-oneinspiron_7510_firmwarelatitude_rugged_5430latitude_7520optiplex_7400_all-in-one_firmwareprecision_5570vostro_3890_firmwareinspiron_7500_2-in-1_black_firmwareprecision_3450_firmwareinspiron_14_5410_firmwareprecision_3460_small_form_factorinspiron_7500optiplex_micro_plus_7010_firmwarealienware_m16_firmwareprecision_3460_xe_small_form_factorprecision_3470latitude_7320_firmwareoptiplex_5490_all-in-onexps_15_9520inspiron_3493latitude_3340vostro_5410g5_15_5500inspiron_3020_small_desktop_firmwarelatitude_7230_rugged_extreme_tabletlatitude_5430_firmwareoptiplex_small_form_factor_plus_7010_firmwareinspiron_5593_firmwareoptiplex_5000_firmwareoptiplex_7410_all-in-one_firmwareinspiron_5593latitude_5420_firmwareinspiron_3020_desktop_firmwareoptiplex_5000inspiron_7510inspiron_3493_firmwareprecision_3260_compact_firmwareoptiplex_5400_all-in-onelatitude_3320vostro_3910_firmwareprecision_3460_xe_small_form_factor_firmwarechengming_3911latitude_3540xps_13_9310_2-in-1_firmwarealienware_m18_firmwareinspiron_3020_small_desktopprecision_5680precision_3260_compactalienware_m15_r7_firmwareinspiron_14_5418inspiron_24_5421_all-in-one_firmwarelatitude_3430g15_5520optiplex_7000_firmwarelatitude_3301_firmwarelatitude_3320_firmwareprecision_3650_tower_firmwarelatitude_3140_firmwarelatitude_9520_firmwareoptiplex_5490_all-in-one_firmwarevostro_3510vostro_3690_firmwarexps_13_9310_2-in-1optiplex_5090inspiron_15_5518optiplex_xe4vostro_5591_firmwarevostro_7500_firmwareCPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2024-47125
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.6||HIGH
EPSS-0.14% / 3.72%
||
7 Day CHG~0.00%
Published-26 Sep, 2024 | 17:24
Updated-17 Oct, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restriction of Communication Channel to Intended Endpoints in goTenna Pro

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols.

Action-Not Available
Vendor-gotennagoTennagotenna
Product-gotenna_proPropro_app
CWE ID-CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
CWE ID-CWE-287
Improper Authentication
CVE-2022-33202
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.1||HIGH
EPSS-0.38% / 29.60%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 00:20
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor.

Action-Not Available
Vendor-softcreateSOFTCREATE CORP.
Product-l2blockerL2Blocker
CWE ID-CWE-287
Improper Authentication
CVE-2024-36444
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.51% / 39.69%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs.

Action-Not Available
Vendor-n/aswissphone
Product-n/adical-red_4009
CWE ID-CWE-287
Improper Authentication
CVE-2025-65128
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.26% / 17.42%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 00:00
Updated-17 Feb, 2026 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "*_nocommit" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-287
Improper Authentication
Details not found