CVE-2022-45103

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
dellCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
dellemc_solutions_enabler_virtual_appliance
𝑥
< 9.2.3.6
dellemc_unisphere_for_powermax
𝑥
< 9.2.3.22
dellemc_unisphere_for_powermax
10.0.0.0 ≤
𝑥
< 10.0.0.5
dellemc_unisphere_for_powermax_virtual_appliance
𝑥
< 9.2.3.22
dellemc_vasa_provider_virtual_appliance
𝑥
< 9.2.4.15
dellsolutions_enabler
𝑥
< 9.2.3.6
dellsolutions_enabler
10.0.0.0 ≤
𝑥
< 10.0.0.5
dellunisphere_360
𝑥
< 9.2.3.12
dellvasa_provider
𝑥
< 9.2.4.22
dellpowermax_os
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities