CVE-2020-5345

EPSS 0.46%
Veröffentlicht 23.06.2020 20:15:13
Zuletzt bearbeitet 21.11.2024 05:33:57
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Emc Unisphere For Powermax Version < 9.1.0.17

Dell ≫ Emc Unisphere For Powermax Virtual Appliance Version < 9.1.0.17

Dell ≫ Powermax Os Version5978

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.46%	0.611

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:N/I:P/A:P
security_alert@emc.com	6.4	3.1	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

CWE-602 Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5345

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5345

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5345

EUVD