CVE-2022-34397

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
dellCNA
6.9 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
dellevasa_provider_virtual_appliance
𝑥
< 9.2.4.15
dellsolutions_enabler_virtual_appliance
𝑥
< 9.2.3.6
dellsolutions_enabler_virtual_appliance
𝑥
< 9.2.4.26
dellunisphere_for_powermax_virtual_appliance
𝑥
< 9.2.3.22
dellunisphere_for_powermax_virtual_appliance
𝑥
< 9.2.4.26
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
dellunisphere_for_powermax
𝑥
< 10.0.0.5
CNA
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities