CVE-2021-36338
21.01.2022, 21:15
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dell | solutions_enabler | 𝑥 < 9.1.0.18 |
| dell | solutions_enabler | 9.2.0.0 ≤ 𝑥 < 9.2.3.0 |
| dell | solutions_enabler_virtual_appliance | 𝑥 < 9.1.0.18 |
| dell | solutions_enabler_virtual_appliance | 9.2.0.0 ≤ 𝑥 < 9.2.3.0 |
| dell | unisphere_360 | 𝑥 < 9.1.0.29 |
| dell | unisphere_360 | 9.2.0.0 ≤ 𝑥 < 9.2.3.3 |
| dell | unisphere_for_powermax | 𝑥 < 9.1.0.31 |
| dell | unisphere_for_powermax | 9.2.0.0 ≤ 𝑥 < 9.2.3.4 |
| dell | unisphere_for_powermax_virtual_appliance | 𝑥 < 9.1.0.31 |
| dell | unisphere_for_powermax_virtual_appliance | 9.2.0.0 ≤ 𝑥 < 9.2.3.4 |
| dell | vasa | 𝑥 < 9.1.0.723 |
| dell | vasa | 9.2.0.0 ≤ 𝑥 < 9.2.3.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-602 - Client-Side Enforcement of Server-Side SecurityThe product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
- CWE-565 - Reliance on Cookies without Validation and Integrity CheckingThe application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.