Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Unity_operating_environment
(Dell)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-12 | CVE-2024-0166 | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges. | Unity_operating_environment | 7.8 | ||
| 2021-04-30 | CVE-2021-21547 | Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | Unity_operating_environment, Unity_xt_operating_environment, Unityvsa_operating_environment | 6.7 | ||
| 2022-05-26 | CVE-2022-29091 | Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | Unity_operating_environment, Unity_xt_operating_environment, Unityvsa_operating_environment | 6.1 | ||
| 2022-06-02 | CVE-2022-29084 | Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. | Unity_operating_environment, Unity_xt_operating_environment, Unityvsa_operating_environment | 9.8 | ||
| 2022-06-02 | CVE-2022-29085 | Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | Unity_operating_environment, Unity_xt_operating_environment, Unityvsa_operating_environment | 6.7 | ||
| 2023-10-23 | CVE-2023-43065 | Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. | Unity_operating_environment, Unity_xt_operating_environment, Unityvsa_operating_environment | 5.4 | ||
| 2023-10-23 | CVE-2023-43074 | Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. | Unity_operating_environment, Unity_xt_operating_environment, Unityvsa_operating_environment | 7.5 | ||
| 2023-10-23 | CVE-2023-43066 | Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. | Unity_operating_environment, Unity_xt_operating_environment, Unityvsa_operating_environment | 7.8 | ||
| 2023-10-23 | CVE-2023-43067 | Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system. | Unity_operating_environment, Unity_xt_operating_environment, Unityvsa_operating_environment | 6.5 | ||
| 2023-11-22 | CVE-2023-43082 | Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate. | Unity_operating_environment, Unity_xt_operating_environment, Unityvsa_operating_environment | 5.9 |