Vulnerability Details : CVE-2022-34397

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.

Published 2023-02-13 10:15:13

Updated 2023-07-21 19:05:06

Source Dell

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-34397

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 7 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-34397

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.7	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	2.1	3.6	nvd@nist.gov
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None
6.9	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N	1.7	4.7	security_alert@emc.com
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Changed Confidentiality: Low Integrity: High Availability: None

CWE ids for CVE-2022-34397

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Assigned by:
- nvd@nist.gov (Secondary)
- security_alert@emc.com (Secondary)

References for CVE-2022-34397

https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities

Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-34397

Dell » Solutions Enabler Virtual Appliance
Versions before (<) 9.2.3.6
cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*
Matching versions
Dell » Solutions Enabler Virtual Appliance » EEM Edition
Versions before (<) 9.2.4.26
cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:eem:*:*:*
Matching versions
Dell » Unisphere For Powermax Virtual Appliance
Versions before (<) 9.2.3.22
cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*
Matching versions
Dell » Unisphere For Powermax Virtual Appliance » EEM Edition
Versions before (<) 9.2.4.26
cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:eem:*:*:*
Matching versions
Dell » Evasa Provider Virtual Appliance
Versions before (<) 9.2.4.15
cpe:2.3:a:dell:evasa_provider_virtual_appliance:*:*:*:*:*:*:*:*
Matching versions