Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Unity

Source -

CNA

CNA CVEs -

56

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
56Vulnerabilities found
CVE-2020-29490
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.16%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-29489
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.43%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-26199
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 13.86%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-5319
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.06% / 76.75%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 17:45
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-3741
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-18 Jul, 2019 | 15:47
Updated-16 Sep, 2024 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentUnity
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2019-3734
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.09%
||
7 Day CHG~0.00%
Published-18 Jul, 2019 | 15:47
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota configuration of other users.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentUnity
  • Previous
  • 1
  • 2
  • Next