fkie_cve-2025-22478
Vulnerability from fkie_nvd
Published
2025-05-06 16:15
Modified
2025-05-13 20:17
Severity ?
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
References
security_alert@emc.comhttps://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilitiesVendor Advisory
Impacted products
Vendor Product Version
dell storage_manager 16.3.20
dell storage_manager 2016
dell storage_manager 2020
dell storage_manager 2020
dell storage_manager 2020
dell storage_manager 2020


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:storage_manager:16.3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B35D3F3-363D-42AF-A582-FFA03154B20A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:storage_manager:2016:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "43A8A705-CD7C-4AE8-9175-923BCE7BB6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1:*:*:*:*:*:*",
              "matchCriteriaId": "567442CC-381B-43A1-ADE9-AE00075021D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.10:*:*:*:*:*:*",
              "matchCriteriaId": "B978EFB1-877F-4091-A401-F1861229E033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.2:*:*:*:*:*:*",
              "matchCriteriaId": "263E78BD-D8C0-480F-9EED-D5496708CFCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.20:*:*:*:*:*:*",
              "matchCriteriaId": "1055DB85-9105-44E5-9CEB-509C7F7041FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering."
    },
    {
      "lang": "es",
      "value": "Dell Storage Center - Dell Storage Manager, versi\u00f3n 20.1.20, presenta una vulnerabilidad de restricci\u00f3n incorrecta de referencias a entidades externas XML. Un atacante no autenticado con acceso a la red adyacente podr\u00eda explotar esta vulnerabilidad, lo que podr\u00eda provocar la divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2025-22478",
  "lastModified": "2025-05-13T20:17:50.513",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-06T16:15:27.210",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.