CVE-2020-5345

EPSS 0.46%
Published 23.06.2020 20:15:13
Last modified 21.11.2024 05:33:57
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Emc Unisphere For Powermax Version < 9.1.0.17

Dell ≫ Emc Unisphere For Powermax Virtual Appliance Version < 9.1.0.17

Dell ≫ Powermax Os Version5978

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.46%	0.611

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:N/I:P/A:P
security_alert@emc.com	6.4	3.1	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

CWE-602 Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5345

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5345

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5345

EUVD