CVE-2022-31233
31.08.2022, 20:15
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| dell | evasa_provider_virtual_appliance | 𝑥 < 9.2.3.7 |
| dell | solutions_enabler | 𝑥 < 9.2.3.4 |
| dell | solutions_enabler_virtual_appliance | 𝑥 < 9.2.3.4 |
| dell | unisphere_360 | 𝑥 < 9.2.3.6 |
| dell | unisphere_for_powermax | 𝑥 < 9.2.3.15 |
| dell | unisphere_for_powermax_virtual_appliance | 𝑥 < 9.2.3.15 |
| dell | vasa | 𝑥 < 9.2.3.15 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-602 - Client-Side Enforcement of Server-Side SecurityThe product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
- CWE-669 - Incorrect Resource Transfer Between SpheresThe product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.