Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.
Max CVSS
8.3
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-03-27
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.
Max CVSS
8.0
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-01
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change
Max CVSS
8.8
EPSS Score
0.09%
Published
2024-02-13
Updated
2024-02-27
Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.23%
Published
2023-12-04
Updated
2023-12-07
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.
Max CVSS
8.4
EPSS Score
0.04%
Published
2023-11-16
Updated
2023-11-20
Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.
Max CVSS
8.2
EPSS Score
0.04%
Published
2023-06-23
Updated
2023-06-30
Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-09-27
Updated
2023-09-29
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.
Max CVSS
8.7
EPSS Score
0.06%
Published
2023-02-11
Updated
2023-02-21
PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-02-11
Updated
2023-07-21
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.
Max CVSS
9.3
EPSS Score
0.04%
Published
2022-09-01
Updated
2022-09-07
Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.
Max CVSS
9.8
EPSS Score
0.47%
Published
2022-09-01
Updated
2022-09-07
Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-09-01
Updated
2022-09-07
Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.
Max CVSS
9.8
EPSS Score
0.44%
Published
2022-10-21
Updated
2022-10-24
Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.
Max CVSS
9.0
EPSS Score
0.22%
Published
2022-05-26
Updated
2023-06-28
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
Max CVSS
10.0
EPSS Score
0.35%
Published
2022-05-26
Updated
2022-06-07
Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system.
Max CVSS
9.1
EPSS Score
0.14%
Published
2021-11-23
Updated
2021-11-24
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.
Max CVSS
9.8
EPSS Score
0.55%
Published
2021-11-20
Updated
2022-04-25
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.
Max CVSS
9.8
EPSS Score
0.42%
Published
2021-11-20
Updated
2021-11-23
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
Max CVSS
8.8
EPSS Score
0.04%
Published
2021-08-09
Updated
2022-04-25
Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data.
Max CVSS
9.8
EPSS Score
0.43%
Published
2021-08-09
Updated
2022-10-25
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.
Max CVSS
10.0
EPSS Score
0.56%
Published
2021-07-29
Updated
2021-08-06
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system.
Max CVSS
9.8
EPSS Score
0.60%
Published
2021-03-02
Updated
2021-09-14
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.
Max CVSS
8.1
EPSS Score
0.18%
Published
2021-02-15
Updated
2022-04-26
Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.
Max CVSS
9.8
EPSS Score
0.31%
Published
2021-02-09
Updated
2022-07-12
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.
Max CVSS
8.8
EPSS Score
0.10%
Published
2020-07-06
Updated
2020-07-14
33 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!