Vulnerabilities related to dell - storage_manager
Vulnerability from fkie_nvd
Published
2025-05-06 16:15
Modified
2025-05-13 20:18
Severity
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
5.2 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | storage_manager | 16.3.20 | |
dell | storage_manager | 2016 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:storage_manager:16.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "4B35D3F3-363D-42AF-A582-FFA03154B20A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2016:r2.1:*:*:*:*:*:*", "matchCriteriaId": "43A8A705-CD7C-4AE8-9175-923BCE7BB6F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1:*:*:*:*:*:*", "matchCriteriaId": "567442CC-381B-43A1-ADE9-AE00075021D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.10:*:*:*:*:*:*", "matchCriteriaId": "B978EFB1-877F-4091-A401-F1861229E033", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.2:*:*:*:*:*:*", "matchCriteriaId": "263E78BD-D8C0-480F-9EED-D5496708CFCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.20:*:*:*:*:*:*", "matchCriteriaId": "1055DB85-9105-44E5-9CEB-509C7F7041FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection." }, { "lang": "es", "value": "Dell Storage Center - Dell Storage Manager, versi\u00f3n 21.0.20, contiene una vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\u00abCross-site Scripting\u00bb). Un atacante no autenticado con acceso a la red adyacente podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la inyecci\u00f3n de scripts." 
} ], "id": "CVE-2025-23379", "lastModified": "2025-05-13T20:18:55.637", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-05-06T16:15:27.557", "references": [ { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security_alert@emc.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-05-06 16:15
Modified
2025-05-13 20:17
Severity
8.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | storage_manager | 16.3.20 | |
dell | storage_manager | 2016 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:storage_manager:16.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "4B35D3F3-363D-42AF-A582-FFA03154B20A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2016:r2.1:*:*:*:*:*:*", "matchCriteriaId": "43A8A705-CD7C-4AE8-9175-923BCE7BB6F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1:*:*:*:*:*:*", "matchCriteriaId": "567442CC-381B-43A1-ADE9-AE00075021D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.10:*:*:*:*:*:*", "matchCriteriaId": "B978EFB1-877F-4091-A401-F1861229E033", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.2:*:*:*:*:*:*", "matchCriteriaId": "263E78BD-D8C0-480F-9EED-D5496708CFCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.20:*:*:*:*:*:*", "matchCriteriaId": "1055DB85-9105-44E5-9CEB-509C7F7041FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges." }, { "lang": "es", "value": "Dell Storage Center - Dell Storage Manager, versi\u00f3n 20.1.20, presenta una vulnerabilidad de autenticaci\u00f3n incorrecta. Un atacante no autenticado con acceso a la red adyacente podr\u00eda explotar esta vulnerabilidad, lo que conllevar\u00eda una elevaci\u00f3n de privilegios." 
} ], "id": "CVE-2025-22477", "lastModified": "2025-05-13T20:17:36.393", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-05-06T16:15:27.017", "references": [ { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "security_alert@emc.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-16 20:29
Modified
2024-11-21 03:12
Summary
In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability.
References
Source | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf | Vendor Advisory | |
security_alert@emc.com | http://www.securityfocus.com/bid/103467 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103467 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | storage_manager | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC143803-C9B4-4054-B171-9FBD2E77209B", "versionEndExcluding": "16.3.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability." }, { "lang": "es", "value": "En versiones anteriores a la 16.3.20 de Dell Storage Manager, el servicio EMConfigMigration se ha visto afectado por una vulnerabilidad de salto de directorio. Un usuario malicioso remoto podr\u00eda explotar esta vulnerabilidad para leer archivos no autorizados proporcionando cadenas especialmente manipuladas en los par\u00e1metros de entrada de la aplicaci\u00f3n. Un usuario malicioso no puede borrar o modificar archivos mediante esta vulnerabilidad." 
} ], "id": "CVE-2017-14384", "lastModified": "2024-11-21T03:12:40.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-16T20:29:00.290", "references": [ { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" }, { "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103467" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-05-06 16:15
Modified
2025-05-13 20:17
Severity
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | storage_manager | 16.3.20 | |
dell | storage_manager | 2016 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:storage_manager:16.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "4B35D3F3-363D-42AF-A582-FFA03154B20A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2016:r2.1:*:*:*:*:*:*", "matchCriteriaId": "43A8A705-CD7C-4AE8-9175-923BCE7BB6F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1:*:*:*:*:*:*", "matchCriteriaId": "567442CC-381B-43A1-ADE9-AE00075021D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.10:*:*:*:*:*:*", "matchCriteriaId": "B978EFB1-877F-4091-A401-F1861229E033", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.2:*:*:*:*:*:*", "matchCriteriaId": "263E78BD-D8C0-480F-9EED-D5496708CFCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.20:*:*:*:*:*:*", "matchCriteriaId": "1055DB85-9105-44E5-9CEB-509C7F7041FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering." }, { "lang": "es", "value": "Dell Storage Center - Dell Storage Manager, versi\u00f3n 20.1.20, presenta una vulnerabilidad de restricci\u00f3n incorrecta de referencias a entidades externas XML. Un atacante no autenticado con acceso a la red adyacente podr\u00eda explotar esta vulnerabilidad, lo que podr\u00eda provocar la divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n." 
} ], "id": "CVE-2025-22478", "lastModified": "2025-05-13T20:17:50.513", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-05-06T16:15:27.210", "references": [ { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "security_alert@emc.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-12-06 00:29
Modified
2025-04-20 01:37
Summary
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance).
References
Source | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | storage_manager | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC143803-C9B4-4054-B171-9FBD2E77209B", "versionEndExcluding": "16.3.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance)." }, { "lang": "es", "value": "El servicio SMI-S en Dell Storage Manager en versiones anteriores a la 16.3.20 (tambi\u00e9n conocida como 2016 R3.20) est\u00e1 protegido mediante el uso de una contrase\u00f1a embebida. Un usuario remoto que conozca la contrase\u00f1a podr\u00eda deshabilitar el servicio SMI-S mediante peticiones HTTP. Esto afectar\u00eda a la gesti\u00f3n de contrase\u00f1as y a la funcionalidad de monitorizaci\u00f3n mediante la interfaz SMI-S. Este problema, tambi\u00e9n conocido como DSM-30415, solo afecta a la instalaci\u00f3n de Windows del recopilador de datos (no aplicable a la aplicaci\u00f3n virtual)." 
} ], "id": "CVE-2017-14374", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-06T00:29:00.213", "references": [ { "source": "security_alert@emc.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-05-06 16:15
Modified
2025-05-13 20:18
Severity
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | storage_manager | 16.3.20 | |
dell | storage_manager | 2016 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 | |
dell | storage_manager | 2020 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dell:storage_manager:16.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "4B35D3F3-363D-42AF-A582-FFA03154B20A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2016:r2.1:*:*:*:*:*:*", "matchCriteriaId": "43A8A705-CD7C-4AE8-9175-923BCE7BB6F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1:*:*:*:*:*:*", "matchCriteriaId": "567442CC-381B-43A1-ADE9-AE00075021D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.10:*:*:*:*:*:*", "matchCriteriaId": "B978EFB1-877F-4091-A401-F1861229E033", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.2:*:*:*:*:*:*", "matchCriteriaId": "263E78BD-D8C0-480F-9EED-D5496708CFCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.20:*:*:*:*:*:*", "matchCriteriaId": "1055DB85-9105-44E5-9CEB-509C7F7041FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection." }, { "lang": "es", "value": "Dell Storage Center - Dell Storage Manager, versi\u00f3n 20.0.21, presenta una vulnerabilidad de limitaci\u00f3n incorrecta de una ruta de acceso a un directorio restringido (\u00abPath Traversal\u00bb). Un atacante no autenticado con acceso a la red adyacente podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la inyecci\u00f3n de scripts." 
} ], "id": "CVE-2025-22479", "lastModified": "2025-05-13T20:18:11.457", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security_alert@emc.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-05-06T16:15:27.383", "references": [ { "source": "security_alert@emc.com", "tags": [ "Vendor Advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities" } ], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "security_alert@emc.com", "type": "Primary" } ] }
CVE-2017-14384 (GCVE-0-2017-14384)
Vulnerability from cvelistv5
Published
2018-03-16 20:00
Modified
2024-09-16 22:30
CWE
- Directory traversal vulnerability
Summary
In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/103467 | vdb-entry, x_refsource_BID |
http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
Dell EMC | Dell Storage Manager | earlier than 16.3.20 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:27:40.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103467", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103467" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Dell Storage Manager", "vendor": "Dell EMC", "versions": [ { "status": "affected", "version": "earlier than 16.3.20" } ] } ], "datePublic": "2017-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Directory traversal vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-22T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "name": "103467", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103467" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2017-12-05T00:00:00", "ID": "CVE-2017-14384", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Dell Storage Manager", "version": { "version_data": [ { "version_value": "earlier than 16.3.20" } ] } } ] }, "vendor_name": "Dell EMC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Directory traversal vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "103467", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103467" }, { "name": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf", "refsource": "CONFIRM", "url": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-14384", "datePublished": "2018-03-16T20:00:00Z", "dateReserved": "2017-09-12T00:00:00", "dateUpdated": "2024-09-16T22:30:59.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-22478 (GCVE-0-2025-22478)
Vulnerability from cvelistv5
Published
2025-05-06 15:55
Modified
2025-05-08 03:56
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Summary
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | Dell Storage Center - Dell Storage Manager | N/A ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-22478", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-07T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-08T03:56:09.072Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Dell Storage Center - Dell Storage Manager", "vendor": "Dell", "versions": [ { "lessThan": "2020 R1.21", "status": "affected", "version": "N/A", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Dell would like to thank sradulea for reporting this issue." } ], "datePublic": "2025-05-05T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.\u003cbr\u003e" } ], "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "CWE-611: Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-06T15:55:03.918Z", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2025-22478", "datePublished": "2025-05-06T15:55:03.918Z", "dateReserved": "2025-01-07T06:04:12.135Z", "dateUpdated": "2025-05-08T03:56:09.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-14374 (GCVE-0-2017-14374)
Vulnerability from cvelistv5
Published
2017-12-06 00:00
Modified
2024-08-05 19:27
CWE
- Hard-coded Password Vulnerability
Summary
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance).
References
URL | Tags |
---|---|
http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Dell Storage Manager 2016 Dell Storage Manager versions earlier than 16.3.20 | Dell Storage Manager 2016 Dell Storage Manager versions earlier than 16.3.20 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:27:40.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Dell Storage Manager 2016 Dell Storage Manager versions earlier than 16.3.20", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Dell Storage Manager 2016 Dell Storage Manager versions earlier than 16.3.20" } ] } ], "datePublic": "2017-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Hard-coded Password Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-05T23:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-14374", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Dell Storage Manager 2016 Dell Storage Manager versions earlier than 16.3.20", "version": { "version_data": [ { "version_value": "Dell Storage Manager 2016 Dell Storage Manager versions earlier than 16.3.20" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Hard-coded Password Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf", "refsource": "CONFIRM", "url": "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-14374", "datePublished": "2017-12-06T00:00:00", "dateReserved": "2017-09-12T00:00:00", "dateUpdated": "2024-08-05T19:27:40.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-22477 (GCVE-0-2025-22477)
Vulnerability from cvelistv5
Published
2025-05-06 16:03
Modified
2025-05-08 03:56
CWE
- CWE-287 - Improper Authentication
Summary
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | Dell Storage Center - Dell Storage Manager | Version: N/A ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-22477", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-07T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-08T03:56:12.185Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Dell Storage Center - Dell Storage Manager", "vendor": "Dell", "versions": [ { "lessThan": "2020 R1.21", "status": "affected", "version": "N/A", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Dell would like to thank sradulea or reporting this issue." } ], "datePublic": "2025-05-05T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.\u003cbr\u003e" } ], "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-06T16:03:29.485Z", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2025-22477", "datePublished": "2025-05-06T16:03:29.485Z", "dateReserved": "2025-01-07T06:04:12.135Z", "dateUpdated": "2025-05-08T03:56:12.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-23379 (GCVE-0-2025-23379)
Vulnerability from cvelistv5
Published
2025-05-06 15:25
Modified
2025-05-06 15:45
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | Dell Storage Center - Dell Storage Manager | Version: N/A ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-23379", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-06T15:45:08.839133Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-06T15:45:22.220Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Dell Storage Center - Dell Storage Manager", "vendor": "Dell", "versions": [ { "lessThan": "2020 R1.21", "status": "affected", "version": "N/A", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Dell would like to thank redfr0g for reporting this issue." } ], "datePublic": "2025-05-05T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection." } ], "value": "Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-06T15:35:03.133Z", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2025-23379", "datePublished": "2025-05-06T15:25:06.049Z", "dateReserved": "2025-01-15T06:04:03.642Z", "dateUpdated": "2025-05-06T15:45:22.220Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-22479 (GCVE-0-2025-22479)
Vulnerability from cvelistv5
Published
2025-05-06 15:46
Modified
2025-05-06 18:57
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Dell | Dell Storage Center - Dell Storage Manager | Version: N/A ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-22479", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-06T18:57:22.589408Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-06T18:57:43.775Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Dell Storage Center - Dell Storage Manager", "vendor": "Dell", "versions": [ { "lessThan": "2020 R1.21", "status": "affected", "version": "N/A", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Dell would like to thank redfr0g for reporting this issue." } ], "datePublic": "2025-05-05T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection." } ], "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-06T16:11:03.550Z", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2025-22479", "datePublished": "2025-05-06T15:46:45.181Z", "dateReserved": "2025-01-07T06:04:12.135Z", "dateUpdated": "2025-05-06T18:57:43.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }